Knowledge Essentials - 3Essentials Hosting

Security Bulletin: FTP login credentials at major corporations breached

Article ID: 953

 Back to Search

We've published previous articles about malware that obtains FTP user accounts and passwords from your PC, and then makes it available to hackers to allow them to modify your site.  Occasionally, we actually see this in action when a customer notifies us their site has been modified by someone other by them, and their site has been defaced or (most popular now) links have been inserted into their site pointing to OTHER sites, where those sites host malicious malware which is attempted to download to visitors computers.

Sometimes this is hard for end users to accept, but I'd like to point out an article by The Register that references a recently circulating trojan so widely and effectively spread, it was found to have captured and uploaded over 68,000 FTP credentials to a hacker's repository of stolen credentials... some other articles reported the number as high as 88,000.  TheRegister reports these included credentials for the BBC, Amazon, Cicso and even McAfee and Symantec servers.

We recommend you read the article(s) below... then ask yourself if you're diligently keeping your system updated appropriately:
  • make sure your system is configured to automatically download and install system updates to ensure you're getting the most recent security patches as quickly as possible.
  • make sure your webbrowser is completely up to date with the most recent version and updates.
  • make sure you have anti-virus and anti-malware software on your system, that it is enabled, that it is running real-time, that it is configured to automatically get software and signature updates, and that it is configured to run a complete system scan at least once per week.

You may also be able to take advantage of 3Essentials FTP-ACL options for locking down FTP access to your hosting space: http://knowledge.3essentials.com/web-hosting/article/742/FTP-ACL-Securing-your-site-through-restricted-FTP-access.html

Here's the article from The Register:
http://www.theregister.co.uk/2009/06/26/ftp_malware_hack

Additional articles on this incident providing more details:
http://www.scmagazineus.com/FTP-login-credentials-at-major-corporations-breached/article/139178/

http://www.internet-security.ca/internet-security-news-023/hackers-steal-ftp-login-credentials-of-symantec-mcafee-others.html

 

 

 
Downloads Associated With This Article
No downloads are currently associated with this article.