[admin]

Quote:

Security researchers discovered that new malicious code spread through the black market is making its way onto some of the largest corporate Web sites in the world. San Jose-based Finjan, a security company specializing in Web gateway solutions, announced today that it uncovered a database containing more than 8,700 harvested FTP account credentials, including usernames, passwords and server addresses, spread through a malicious toolkit, which cyber criminals use to harvest the information. The information was available for blackmarket trade, along with the NeoSploit version 2 crimeware toolkit, a malicious application specifically designed to abuse and trade stolen FTP account credentials from numerous legitimate companies. The malware is subsequently distributed to other criminals who use the malicious code on high traffic Web sites for their own financial gain.

The whole package, which includes the FTP server credentials as well as the Neosploit malicious toolkit, acts as Software as a Service for criminals because it supports multiple users, Finjan researchers say. Attackers use a sophisticated trading interface to classify the stolen accounts by the FTP server’s country of origin and the compromised site’s Google page ranking. This information enables attackers to determine cost of the compromised FTP credentials for resale to cybercriminals or to leverage themselves in an attack against the more prominent Web sites. Finjan researchers believe that the amount of money that criminals pay for the malware is minimal, likely in the neighborhood of $100. Attackers use the credentials to infiltrate corporate Web servers in order inject crimeware onto the legitimate servers of public companies, government agencies and financial institutions to steal critical information such as pass codes, bank account and social security numbers.


Source: CRN