Hackers Sweep Up FTP Credentials For the New York Times, UNICEF and 7,000 Others

SpacemanukBEJY.53u writes "Alex Holden of Hold Security has come forward with a significant find: a 7,000-strong list of FTP sites run by a variety of companies, complete with login credentials. The affected companies include The New York Times and UNICEF. The hackers have uploaded malicious PHP scripts in some cases, perhaps as a launch pad for further attacks. The passwords for the FTP applications are complex and not default ones, indicating the hackers may have other malware installed on people's systems in those organizations."

A standard multi-layer attack

[Opportunist]

Pretty common today, I am kinda surprised this is news.

Basically what happens is that you get a few passwords, fire them against some servers that you know or assume the person it belongs to has some kind of access to (people routinely reuse passwords), if you get access to some webpage, slip in some code that loads malware to infect everyone visiting the webpage, rinse and repeat.

It would be interesting to model the "spread" of this way of password gathering. I wouldn't be surprised if it would show similar patterns to the spread of a (RL) infection.

Related to malicious filezilla?

[chalkyj]

http://it.slashdot.org/story/1... May be related to something like this.

Incomplete summary

[sootman]

The summary was missing a couple important words. I've added them below:

The passwords for the FTP applications, which are transmitted unencrypted because that's just how FTP is and it doesnt matter if your password is "kjasdfkljlYSU87fyue847thIP&SH&&CDFO$Wfhi7qe4h5fo78aegh4fai7oshc7o8vae4hf84" or "correct horse battery staple" because a third-grader could sniff the traffic with decade-old tools, are complex and not default ones

Re:"Credentials"

[Sockatume]

Finds comp sci terminology nauseating, uses term "douchiness".