Knowledge Essentials - 3Essentials Hosting

Security Bulletin: FTP password theft and JavaScript injection

Article ID: 911


Over the past 12 months, website administrators everywhere have experienced an increase in the hacking of their websites. Simply google "ftp hack" and you'll see loads and loads of articles, blogs and forum postings from website administrators on this topic.

McAfee recently published a very interesting article that examined a simple piece of malware found on end users' systems that:

  • opens a listener on the system for any FTP traffic, and captures the FTP server, username and password when they are used (because FTP sends them in clear text).
  • uses those FTP usernames and passwords to connect to the site, and checks for the existence of common filenames (like index.html, default.asp, etc.)
  • INSERTS into those files an encoded JavaScript (encoded in order to hide/obfuscate what it does), which causes a visitor to that page to unknowingly connect to a malicious website to download malicious code.
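
A site owner can check the default documents in a web root for this kind of injected script. The scanner below is an added example, not code from 3Essentials or McAfee; its heuristics (decoder keywords, a count of escaped bytes, a script placed after the closing html tag) and the file names beyond index.html and default.asp are assumptions, since the bulletin does not describe the encoding.

```python
import re
from pathlib import Path

# index.html and default.asp come from the bulletin; the other names are assumed.
DEFAULT_DOCS = {"index.html", "default.asp", "index.htm", "index.php",
                "default.htm", "default.aspx"}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# Assumed markers of encoded script: a decode/execute call plus many escaped bytes.
DECODER_RE = re.compile(r"\b(?:eval|unescape|fromCharCode|document\.write)\b", re.I)
ENCODED_RE = re.compile(r"%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}", re.I)
HTML_END_RE = re.compile(r"</html\s*>", re.I)


def suspicious_scripts(html, min_encoded=20):
    """Return (reason, snippet) pairs for script blocks that look injected."""
    findings = []
    end = HTML_END_RE.search(html)
    for m in SCRIPT_RE.finditer(html):
        body = m.group(1)
        snippet = body.strip()[:60]
        if DECODER_RE.search(body) and len(ENCODED_RE.findall(body)) >= min_encoded:
            findings.append(("encoded-script", snippet))
        elif end and m.start() >= end.end():
            # A script after </html> is rarely authored by hand.
            findings.append(("script-after-html-end", snippet))
    return findings


def scan_webroot(root):
    """Scan default documents under root; return {path: findings} for flagged files."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() in DEFAULT_DOCS:
            hits = suspicious_scripts(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples: the "payload" is 30 percent-encoded letter A's, not real malware.
CLEAN = "<html><body><script>var year = 2008;</script></body></html>"
INJECTED = CLEAN + "<script>document.write(unescape('" + "%41" * 30 + "'));</script>"

if __name__ == "__main__":
    print(suspicious_scripts(CLEAN))
    print(suspicious_scripts(INJECTED))
```

A hit is a prompt to compare the file against a known-good copy; legitimate pages that embed encoded script can also trigger it.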

If you administer a website, we strongly recommend you read this article:

http://www.avertlabs.com/research/blog/index.php/2008/04/29/password-stealing-trojan-with-dash-of-ftp-and-a-hint-of-parasite/

- 3Essentials Network & Security team

 