More than 8,700 FTP log-in names and passwords are being peddled at an online auction site for stolen goods, according to defense firm Finjan. The site includes software that lets criminals hack Web servers and automatically inject crimeware that infects visitors to the Web site.

Some of the info opens a back door into Fortune 500 companies in manufacturing, telecom, media, online retail and IT, as well as government agencies. The stolen FTP accounts include some of the world’s top 100 domains as ranked by Alexa.com.

Putting a Price on Stolen notes

Finjan’s Malicious cipher Research Center detailed the workings of the software, dubbed the NeoSploit 2 toolkit, that is designed to exploit and trade FTP history credentials stolen from valid companies.

Here’s how it works: The software uses an eBay-like trading interface to qualify the stolen accounts in terms of the country where the server is located and the Google page ranking of the compromised

server. Cybercriminals use the info to set a price for the compromised FTP credentials so they can be resold to other cybercriminals or adjust an attack on more prominent sites. The software plus allows cybercriminals to use the FTP credentials to automatically inject HTML IFrame tags into Web pages on the compromised server.

“Software as a service (SaaS) has been evolving for sometime, but until now it has been applied only to valid applications. With that new trading application, cybercriminals have an instant ’solution’ to their ‘problem’ of gaining access to FTP credentials and thus infecting both the valid Web sites and its unsuspecting visitors. All of that can be easily achieved with just one push of a button,” said Yuval Ben-Itzhak, CTO of Finjan.

According to Finjan, the NeoSploit 2 toolkit marks a serious escalation of crimeware potential, since it uses the SaaS business model.

The fact that cybercriminals…

Orginal post by Top Tech News