Knowledge Essentials - 3Essentials Hosting

Security Bulletin: FTP password theft and javascript injection

Article ID: 911

 Back to Search

Over the past 12 months, website administrators everywhere have experienced an increase in the amount of hacking of their websites.  Simply google "ftp hack" and you'll see loads and loads of articles, blogs and forum postings from website administrators on this topic. 

McAfee recently published a very interesting article that talked examined a simple piece of malware found on end user's systems that:

  • opened a listener on the system for any FTP traffic, and captured FTP server, username and passwords when used (because FTP sends them in clear text).
  • uses those FTP username and passwords to connect to the site, and check for existence of common filenames (like index.html, default.asp, etc)
  • INSERTS into those files an encoded (in order to hid/obfuscate what it does) javascript which causes a visitor to that page to unknowingly connect to a malicious website to download malicious code.

If you administer a website, we strongly recommend you read this article:

- 3Essentials Network & Security team

Downloads Associated With This Article
No downloads are currently associated with this article.