FTP Hacking on the Rise 212
yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."
Uh oh (Score:5, Insightful)
Big deal.. (Score:5, Insightful)
And then, this isn't about ftp being hacked, just that bad software is being hosted using ftp as well as http (which I presume is what is meant by 'URL' or being emailed.
And, ftp is not merely an ancient, deprecated protocol. It's still widely used because it does what is intended for well and works under high load readily.
FTP attachments? (Score:5, Insightful)
because few gateways scan for FTP attachments these days.
Er, that's because there's no such thing as an FTP attachment? If you are referring to links, then I'm not aware of any virus checkers that automatically download and check HTTP links either.
Can anybody translate this into something that makes sense?
FTP Attachment? (Score:3, Insightful)
Doesn't make sense.
NEXT! (Score:4, Insightful)
Re:Uh oh (Score:5, Insightful)
Re:F-Secure are FUDmeisters (Score:4, Insightful)
"This wasn't done as a sales pitch, but buy our Gatekeeper software!"
So what's the major difference between an FTP hosted file and a HTTP hosted file for most people? Either way it downloads a file from a site that they can be convinced to run. Sounds all about the same to me.
Re:Big deal.. (Score:3, Insightful)
Stuffing everything in a big compressed file sucks for dial up users, ftp has its purpose.
Re:Uh oh (Score:5, Insightful)
Re:Big deal.. (Score:5, Insightful)
Re:Uh oh (Score:3, Insightful)
And being one of the most widely used protocols doesn't mean it's not for chumps. It just means there are a lot of chumps.
Nothing wrong with ftp (Score:4, Insightful)
What is wrong is that there are ftp servers allowing anonymous write access. That is how those miscreants work: they put a malicious file up on an anonymous ftp server (that allows write access) and then craft ftp URLs to spam people with.
I remember we warned all ftp server administrators about the issue 10 or more years ago, back when I was a rookie.
Of course scp/sftp is way better, everyone knows that. Or not?
Re:FTP is BAD! About DAMN time THAT makes press (Score:3, Insightful)
PS: The typical way to anonymously access and FTP server is using the "guest" or "anonymous" usernames and any e-mail address as password. This is actually the way a browser will access an ftp:// [ftp] URL.
Re:Dear Internets (Score:3, Insightful)
Re:What's next? (Score:3, Insightful)
Actually Lynx, Camino, Konqueror, Firefox, Mozilla/Seamonkey suite, and IE7 can all handle Gopher.