Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
According to a report in The Register, Jacques Erasmus, CTO at UK-based Prevx, discovered a site where a trojan is uploading FTP login credentials from more than 68,000 websites. Once an individual's PC is infected with the trojan, that user's stored FTP login credentials are harvested. An attacker can then log in to the FTP site. The logins are believed to have been stolen during the last two weeks and some are thought to still be valid. Erasmus said the compromised sites would then be vulnerable for hackers to upload drive-by download scripts and other malware. A variant of the ZBot trojan, hosted on a server in China, is said to be receiving the uploaded FTP credentials in plain text, making it simple for cybercriminals to gather up the data. First detected in September 2007, ZBot is already notorious for capturing keystrokes to obtain login credentials, along with credit card or other sensitive information. "It's a never-ending battle," Ivan Macalintal, threat researcher manager at Trend Micro, told SCMagazineUS.com. Zbot, aka Zeus, is an infamous information-stealer that usually comes via a drive-by download on a compromised website, he said. "We're also seeing it being deployed by email with a malicious link or attachment," Macalintal added.Recent variants came disguised as an email that claimed to be a critical update for Microsoft Outlook. Some variants of the trojan are also capable of getting snapshots of an infected user's system, Macalintal said.The rise in this type of trojan may be due to the fact that kits are being sold in the cyber underground that allow attackers to create their own trojans and customize them to configure what stored information they need, and how it will be sent back to the creator, Macalintal said.As far as what can be done to defend against attacks, Macalintal listed the traditional antidotes: don't click on suspicious, unsolicited links; browse safely and securely using good web filtering; update patches; and use safe computing practices. In the case of last week's scam involving Microsoft updates, he said that end-users should remember that vendors do not send updates via email.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.