Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security IT

FTP Hacking on the Rise 212

Posted by CmdrTaco from the how-long-before-a-protocol-becomes-retro dept.
yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."
This discussion has been archived. No new comments can be posted.

FTP Hacking on the Rise More

FTP Hacking on the Rise

Comments Filter:

  • FTP through email (Score:5, Interesting)

    by whitehatlurker ( 867714 ) on Wednesday March 12, 2008 @11:15AM (#22728378) Journal
    This has come full circle - back before internet connectivity was so wide spread, there were a few ftp via email gateways. (Yes, there were other networks alongside the internet.) You'd send your ftp commands and get email back (a few days later or the next week) with the uuencoded result.

    Now you have email viruses delivered via FTP. Cool.

    Yeah I'm old - get off my lawn!

  • Re:Uh oh (Score:3, Interesting)

    by Critical Facilities ( 850111 ) on Wednesday March 12, 2008 @11:21AM (#22728446)
    Yeah, cause no one [networkworld.com] uses [gatech.edu] FTP [leo.org] anymore [redhat.com], right [slackware.com]?

  • Re:FTP attachments? (Score:3, Interesting)

    by WK2 ( 1072560 ) on Wednesday March 12, 2008 @11:32AM (#22728608) Homepage

    Can anybody translate this into something that makes sense?

    OK. Via spam, F-Secure found a malware web page with an ftp link. They think this is going to be a trend. Some businesses proxy http connections, and scan downloads for viruses. They believe that malware authors will shift away from http to ftp because there is a less likely chance that downloads will be scanned.

    I don't see this happening. It is speculation, and I think malware authors will just use whatever servers they have access to, or whatever they know how to set up. Few organizations scan http or ftp files that go through their gateways.

    To be fair to F-Secure, though, they used tech terms correctly. They properly distinguished between email attachments, http, and ftp. They didn't use the word URL in the entire article. The reporter (or possibly CmdrTaco) likely didn't fully understand what the article says, and thought, "ZOMG!! NEW HAX ATTACKS!! MUST ALERT SLASHDOT!!!"

  • 3rd Party Services (Score:2, Interesting)

    by boris111 ( 837756 ) on Wednesday March 12, 2008 @11:33AM (#22728616)
    Speaking of FTP I was appalled the other day when my girlfriend told me their small company is paying $100 a month for a service [ftptoday.com] to use FTP for their clients. This service has a space limit of 300 MB!!! With GMAIL and Yahoo email offering unlimited storage this seems unbelievably small.

  • What the article infers... (Score:3, Interesting)

    by johnlcallaway ( 165670 ) on Wednesday March 12, 2008 @11:38AM (#22728670)
    It sounds like that 'trusted' sites have been hacked, and that nefarious forces may place files on those trusted sites, then send emails that look authentic. That is, the email looks like it is from a responsible site and has an FTP URL for that site, but the file on the trusted site contains malware of some type.

    I have gotten fake hallmark cards in the past, and only because the URLs were obviously not hallmark did I check the headers. Transform this into a malware that installs a back door, grabs your address book, then sends the address book full of trusted names back to the originator. Now you have an email from a trusted source that has URLs to a trusted site to help spread it.

    Maybe I shouldn't have typed all that out.....

  • I'm a victim (Score:2, Interesting)

    by TheGreatOrangePeel ( 618581 ) on Wednesday March 12, 2008 @01:19PM (#22729844) Homepage
    I fell victim to an FTP security issue in January of last year. The hosting provider for my website allows for anonymous FTP by default and an organization of hackers was able to use this to upload files which somehow enabled them to edit content on my Drupal powered website (I've seen Wordpress sites fall victim to the same hack). All they did was a meta-redirect, but I had about a week of downtime as I restored from dated backups and got technical questions answered on the Drupal.org forums.

    As it turns out, my hosting provider doesn't offer any real real capacity to disable anonymous FTP and I had to set the maximum allowed data transfer amount to 0KB for anyone except myself.

  • It is a big deal knot. (Score:2, Interesting)

    by HTH NE1 ( 675604 ) on Wednesday March 12, 2008 @04:10PM (#22732102)
    Firefox spell-check agrees: two Ns, one L in "tunneling". Further, no ambiguity is introduced by not doubling the L.

    It's a peculiar Americanism. There is robbing, but there's also robing as in the opposite of to disrobe. Raping and rapping are formed from rape and rap respectively, so there's where ambiguity steps in to set the rule. However, it is impelling and not impeling, or even compelling and not compeling. Is it the rule to limit how many repeated adjacent letters you have in a word? There's potterring (Brit.) and pottering (US) but there is only puttering and not putterring anywhere?

    For me, it's trust the spell checker, but when in doubt verify. I'd rather have consistent rules, but English is such a mongrel language anyway, borrowing words everywhere. It's annoying, but at least it isn't annoyying. ;D

Slashdot Top Deals

"A car is just a big purse on wheels." -- Johanna Reynolds

Close