Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTP Hacking on the Rise

Posted by CmdrTaco on from the how-long-before-a-protocol-becomes-retro dept.

yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."

4 of 212 comments (clear)

  1. Different protocol, but same stupidity by DigitalSorceress · · Score: 5, Informative

    Well, for my money, anyone who blindly clicks on a link.... FTP or HTTP and runs an executable that comes from it is going to get infected regardless of what protocol was used for it.

    The fact that a lot of gateways prevent certain actions based on the protocol just makes the "any key" users blindly click on stuff without worry - after all, they've "got protection"

    When it comes to any infection vector that involves social engineering, your brain (should you choose to use it) is your best virus protection.

    --

    The Digital Sorceress
  2. FTP is BAD! About DAMN time THAT makes press by spitek · · Score: 4, Informative

    Clear TXT PASSWD = BAD Might as well bend over. I've made my hosting customers use SFTP/SCP for YEARS. Been very happy I have. Just like POP3 one day.. IF we are lucky people will stop using it. It's like sending your tax return to the IRS in a clear envelope with your name birth date and SS # showing. Just plan STUPID!

  3. Re:Uh oh by fizzup · · Score: 4, Informative

    I think you may have misunderstood. RFC 114 refers to FTP, which is from the 70s. The poster was talking about scp, which is certainly from the mid-90s.

    Now, whether 1971 counts as disco-era is another question. I would say that it is pre-disco, since every school child knows that the disco era started with Soul Makossa in 1973.

  4. Re:Uh oh by HTH+NE1 · · Score: 4, Informative

    Hmm, scp has built-in support for transfering an entire directory with one command natively, but sftp can be used to transfer files between two servers while being controlled from a third site such that the transfer doesn't pass through the controlling client (useful for maintaining from a dial-up connection two high-speed servers that don't grant shell access).

    Decisions, decisions.

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?