Security researchers discovered that new malicious code spread
through the black market is making its way onto some of the largest
corporate Web sites in the world. San Jose-based Finjan, a security
company specializing in Web gateway solutions, announced today that it
uncovered a database containing more than 8,700 harvested FTP account
credentials, including usernames, passwords and server addresses,
spread through a malicious toolkit, which cybercriminals use to
harvest the information. The information was available for black-market
trade, along with the NeoSploit version 2 crimeware toolkit, a
malicious application specifically designed to abuse and trade stolen
FTP account credentials from numerous legitimate companies. The malware
is subsequently distributed to other criminals who use the malicious
code on high traffic Web sites for their own financial gain.

The whole package, which includes the FTP
server credentials as well as the NeoSploit malicious toolkit, acts as
Software as a Service for criminals because it supports multiple users,
Finjan researchers say. Attackers use a sophisticated trading interface
to classify the stolen accounts by the FTP server’s country of origin
and the compromised site’s Google page ranking. This information
enables attackers to determine the cost of the compromised FTP credentials
for resale to cybercriminals or to use the credentials themselves in an attack
against the more prominent Web sites. Finjan researchers believe that
the amount of money that criminals pay for the malware is minimal,
likely in the neighborhood of $100. Attackers use the credentials to
infiltrate corporate Web servers in order to inject crimeware onto the
legitimate servers of public companies, government agencies and
financial institutions to steal critical information such as pass
codes, bank account and social security numbers.
Source: CRN