Researchers from Hold Security have discovered that more than 7,000 FTP sites have been compromised and are being used to spread malware or to attempt to compromise connected web services.
“Hackers planted PHP scripts armed with backdoors (shells) and viruses in multiple directories hoping that these directories map to Web servers of the victim companies to gain control of the Web services,” the company explained. “They can also upload HTML files with redirects to malicious sites which can infect millions of websites.”
“The victim companies hosting exploited FTP sites are spread across the spectrum – from small companies and individual accounts with ISPs to major multi-national corporations,” noted the researchers.
It's unclear how the hack might have taken place, because a lot of complex passwords were involved. It's possible that malware on client machines stole the FTP credentials. It's also possible that many of the sites allow anonymous login, which could have played some part in this hack too.
Alex Holden, the company’s CISO, shared with Jeremy Kirk that among the compromised FTP servers, some belonged to The New York Times and UNICEF. The known organisations were notified to fix the issue.
However, the dark side of this security company's handling is that it hasn't released the company names openly. This is definitely a concern, because it has kept a lot of organisations in the dark. Publishing the names could have helped companies fix the issue rather than assuming or waiting for something to go wrong.
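The planted PHP scripts and HTML redirect files described above are something an administrator can look for in an FTP-writable tree. The following audit is an added example, not code from Hold Security or from the original post; the extension list, the redirect pattern, the function names and the sample hosts (`redirect.example`, `www.example.org`) are assumptions made for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Extensions a PHP-enabled web server would typically execute (assumed list).
EXEC_EXT = {".php", ".phtml", ".php5", ".phar"}
# Meta-refresh or script-driven redirects inside uploaded HTML (assumed pattern).
REDIRECT_RE = re.compile(
    r"""(?:http-equiv=["']?refresh["']?[^>]*url=|location(?:\.href)?\s*=\s*["'])"""
    r"""\s*["']?(https?://[^"'\s>]+)""", re.I)

def audit_ftp_tree(root, own_hosts=()):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in EXEC_EXT:
                # Executable by the web server if this directory maps to a web root.
                findings.append((rel, "server-executable script"))
            elif ext in {".html", ".htm"}:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
                for url in REDIRECT_RE.findall(text):
                    host = urlparse(url).hostname or ""
                    if host not in own_hosts:
                        findings.append((rel, "redirect to " + host))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (not real data) and audit it."""
    samples = {
        "pub/readme.txt": "driver downloads",
        "pub/images/x.php": "<?php /* constructed placeholder */ ?>",
        "pub/index.html": '<meta http-equiv="refresh" content="0; url=http://redirect.example/">',
        "pub/home.html": '<script>window.location = "http://www.example.org/home";</script>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return audit_ftp_tree(root, own_hosts={"www.example.org"})

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

Findings are leads for review rather than verdicts: a legitimate site may upload its own PHP over FTP, so compare results against what is expected to be in each directory.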
GameOver Zeus is a notorious malware family that makes fraudulent transactions from your bank accounts from the infected host. A new variant of GameOver Zeus uses encryption to hide itself during propagation, which makes it almost impossible for modern-day antivirus to detect. The malware encrypts itself so well that it can pass the […]
Sophos, the antivirus and encryption products company, recently released the ‘Dirty Dozen’ Spampionship tables for Q4 of 2013. According to Sophos, the United States has topped the charts with a 14.5% spam relaying volume. Although it is no matter to celebrate, these results are not completely surprising given that the United States is one of the […]
As per the German Federal Office for Information Security (BSI), the information of 16 million users was compromised by a major botnet. The theft was discovered by analyzing a massive botnet. A website has been set up by the Federal Office for Information Security where people can check if their email accounts have been compromised. Any concerned user can […]
Can you imagine your home television becoming a zombie? As scary as it sounds, the reality is in front of us. Most current-day televisions, refrigerators, surveillance devices and temperature control devices (the Internet of Things, IoT) are all part of a home network, which in turn connects to the internet. None […]
With the rise of Bitcoin media publicity, fraudsters are finding new ways to get their piece of it. Recently, mass-targeted scam/phishing emails have been delivered to users whose email addresses might have been scraped from popular Bitcoin sites or stolen in security breaches. As per LogRhythm security researchers, […]
The fake DHL phishing email has been around for a while. A new set of emails has been going around since last week. Arun from Mobilesecurityresearch received an email from DHL which almost […]
It's yet another day on which Twitter lost the battle against spammers. Mobile Security Research saw an increased number of spam emails sent from Twitter accounts to anyone on their contact list. When one of the researchers found a spam email in his personal inbox, he was surprised. Even I received a spam email from one of our researchers. […]
phpBB is a free online forum package, and thousands love using it in different ways to exchange ideas, hold discussions or build a business. However, spammers are equally busy running automated bots which can create users, fill in CAPTCHAs and post their own spam topics. In recent research at mobilesecurityresearch, we […]