Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTP Hacking on the Rise

Posted by CmdrTaco on from the how-long-before-a-protocol-becomes-retro dept.

yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."

9 of 212 comments (clear)

  1. What's next? by Anonymous Coward · · Score: 5, Funny

    Gopher?

    1. Re:What's next? by gnick · · Score: 5, Funny

      Gophers are actually not that hard to hack, although most of my experience is with prairie dogs. About 250 yards out with a decent scope and 'opening a port' is not that hard. Known exploit.

      --
      He's getting rather old, but he's a good mouse.
  2. Big deal.. by Junta · · Score: 5, Insightful

    First off, since when is a 'URL' considered a transport mechanism rather than syntax for specifying a transport mechanism and location? Is ftp://whatever.example.com/badcode/ not a URL because it's ftp now? That's a goofy statement.

    And then, this isn't about ftp being hacked, just that bad software is being hosted using ftp as well as http (which I presume is what is meant by 'URL' or being emailed.

    And, ftp is not merely an ancient, deprecated protocol. It's still widely used because it does what is intended for well and works under high load readily.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  3. Different protocol, but same stupidity by DigitalSorceress · · Score: 5, Informative

    Well, for my money, anyone who blindly clicks on a link.... FTP or HTTP and runs an executable that comes from it is going to get infected regardless of what protocol was used for it.

    The fact that a lot of gateways prevent certain actions based on the protocol just makes the "any key" users blindly click on stuff without worry - after all, they've "got protection"

    When it comes to any infection vector that involves social engineering, your brain (should you choose to use it) is your best virus protection.

    --

    The Digital Sorceress
  4. FTP attachments? by Anonymous Coward · · Score: 5, Insightful

    because few gateways scan for FTP attachments these days.

    Er, that's because there's no such thing as an FTP attachment? If you are referring to links, then I'm not aware of any virus checkers that automatically download and check HTTP links either.

    Can anybody translate this into something that makes sense?

  5. Re:Uh oh by B3ryllium · · Score: 5, Insightful

    Disco-era? It was first implemented in 1995. That's the New Kids era, not the Disco era.

  6. Re:Uh oh by ivan256 · · Score: 5, Insightful

    Some of us don't care to waste cycles encrypting data that doesn't need to be encrypted.

  7. Re:Uh oh by winkydink · · Score: 5, Funny

    Agree. The disco era ended sometime in the late 70's / early 80's. Of course, that's before half of the /. posters were born, so it's understandable that they wouldn't know this.

    Hey! You! Get off my lawn!

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  8. Re:Uh oh by Anonymous Coward · · Score: 5, Funny

    The disco era ended sometime in the late 70's / early 80's. It didn't end, it just got too cool for you.

    -- Disco Stu