HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 10 MINUTES AGO.
You are here: Home / Network Security / Hackers Use SaaS To Sell Passwords
Hackers Use SaaS To Auction FTP Passwords, Inject Code
Hackers Use SaaS To Auction FTP Passwords, Inject Code
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
28
2008


More than 8,700 FTP log-in names and passwords are being peddled at an online auction site for stolen data, according to security firm Finjan. The site includes software that lets criminals hack Web servers and automatically inject crimeware that infects visitors to the Web site.

Some of the information opens a back door into Fortune 500 companies in manufacturing, telecom, media, online retail and IT, as well as government agencies. The stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com.

Putting a Price on Stolen Data

Finjan's Malicious Code Research Center detailed the workings of the software, dubbed the NeoSploit 2 toolkit, that is designed to exploit and trade FTP account credentials stolen from legitimate companies.

Here's how it works: The software uses an eBay-like trading interface to qualify the stolen accounts in terms of the country where the server is located and the Google page ranking of the compromised server. Cybercriminals use the information to set a price for the compromised FTP credentials so they can be resold to other cybercriminals or adjust an attack on more prominent sites. The software also allows cybercriminals to use the FTP credentials to automatically inject HTML IFrame tags into Web pages on the compromised server.

"Software as a service (SaaS) has been evolving for sometime, but until now it has been applied only to legitimate applications. With this new trading application, cybercriminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting both the legitimate Web sites and its unsuspecting visitors. All of this can be easily achieved with just one push of a button," said Yuval Ben-Itzhak, CTO of Finjan.

According to Finjan, the NeoSploit 2 toolkit marks a serious escalation of crimeware potential, since it uses the SaaS business model.

The fact that cybercriminals are becoming more organized and sophisticated shouldn't be news to any IT department fighting the ever-growing threat. However, many businesses will be wondering if they might be the next victim, according to Graham Cluley, a senior technology consultant at Sophos.

Criminals Target the Unsuspecting

Sophos experts are discovering 6,000 newly infected Web pages every day -- that's one every 14 seconds. Eighty-three percent of those Web pages belong to companies and individuals who are not aware that their sites have been hacked.

"Criminal gangs are not only infecting Web pages, they are also trading user names and passwords to waltz straight onto corporate Web sites and plant dangerous code," Cluley said. "That means that even if your Web site does not have a vulnerability on it which can be exploited, the hackers can walk in through a side entrance."

Criminals can then target any computer user by sending e-mails containing links to the poisoned Web pages, directing victims to the malicious code. In some cases, Cluley said, the Web sites can even determine if the visitor is using a Mac or a PC, and deliver malware custom-written for the surfer's operating system.

"IT departments should regularly audit the user names and passwords which have FTP access to their Web site, and ensure that passwords are changed regularly so that if they do fall into the wrong hands, they cannot be abused for too long," Cluley said. "Some firms may wish to implement additional authentication methods to ensure that the person uploading code to the Web site really is who he or she claims to be."

The bottom line is that the money to be made through cybercrime is astronomical. Like other security analysts, Cluley said we can expect more criminals to adopt techniques used by legitimate businesses and software developers to streamline their activities.

Read more on: FTP, SaaS, Cybercriminals, eBay
Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
As potential legal liabilities for the company behind Ashley Madison, a dating site for married people, continue to mount, Noel Biderman, the firm's co-founder and CEO has stepped down.

ENTERPRISE HARDWARE SPOTLIGHT
Is Windows 10 killing the PC market? Something is going on. IDC predicts worldwide PC shipments will fall 8.7 percent in 2015 -- and shipments aren’t expected to stabilize until 2017.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.