More than 7,000 FTP Websites and servers Hijacked to Distribute Malware – Hold Security

Security experts of security firm Hold Security say that around 7,000 FTP (File Transfer Protocol) websites and web servers have been hijacked to serve malicious software or malware.

The function of FTP sites as Internet file caches are reachable remotely mainly via Web browsers.

Users having login information can upload and download files from them however other Internauts can also recover certain files horded on such a web server with a specific link leading to the file (and without providing login credentials). Because of this, login information to FTP web servers become a appreciated haul for cybercriminals as they upload malware and maligned links to the web server and then insert direct links to them in spam e-mails delivered to victims.

Scammers occasionally also controlled access to a FTP server to hijack connected web services.

The victim firms hosting abused FTP websites are distributed across the spectrum from minute companies to personal accounts with ISPs to key MNCs (multi-national corporations). According to experts, the attackers have planted PHP scripts with backdoors and viruses in many directories with the hope of gaining access to web services of the targeted organization. HTML files which seamlessly redirect users to malicious sites have also been uploaded to the compromised servers.

The FTP sites are hijacked in many ways with some of them are easy to compromise as they use anonymous and default of publicly available credentials. Also cybercriminals gather FTP credentials with the help of Botnets.

The victimized FTP sites can be used to lure and direct innocent Internet surfers to sites peddling financial schemes, pornography and prescription medications among other exploits.

Chief Information Security Officer of Hold Security Alex Holden said that servers of The New York Times (NYT) and UNICEF are in the list of affected servers. Softpedia.com published a report on 14th February, 2014 stating that representative of NYT have told the publication that they are working on securing the server in question.

He urged companies to re-examine their FTP implementations to minimize theft of credentials, uploading of malware and interconnectivity to other services specially Web and end-users should also be more vigilant about embedded links they follow even to legitimate sites.

» SPAMfighter News - 2/21/2014