FTP Hacking on the Rise 212
yahoi writes "The disco-era File Transfer Protocol (FTP) is making a comeback, but not in a good way — spammers are now using the old-school file transfer technology to serve up bot malware, and even as a backdoor into some enterprises that neglect to lock down their oft-forgotten FTP servers. Researchers at F-Secure have spotted a new wave of exploits that use FTP — rather than a malicious URL, or an email attachment — to deliver their malware payloads because few gateways scan for FTP attachments these days."
FTP through email (Score:5, Interesting)
Now you have email viruses delivered via FTP. Cool.
Yeah I'm old - get off my lawn!
Re:Uh oh (Score:3, Interesting)
Re:FTP attachments? (Score:3, Interesting)
OK. Via spam, F-Secure found a malware web page with an ftp link. They think this is going to be a trend. Some businesses proxy http connections, and scan downloads for viruses. They believe that malware authors will shift away from http to ftp because there is a less likely chance that downloads will be scanned.
I don't see this happening. It is speculation, and I think malware authors will just use whatever servers they have access to, or whatever they know how to set up. Few organizations scan http or ftp files that go through their gateways.
To be fair to F-Secure, though, they used tech terms correctly. They properly distinguished between email attachments, http, and ftp. They didn't use the word URL in the entire article. The reporter (or possibly CmdrTaco) likely didn't fully understand what the article says, and thought, "ZOMG!! NEW HAX ATTACKS!! MUST ALERT SLASHDOT!!!"
3rd Party Services (Score:2, Interesting)
What the article infers... (Score:3, Interesting)
I have gotten fake hallmark cards in the past, and only because the URLs were obviously not hallmark did I check the headers. Transform this into a malware that installs a back door, grabs your address book, then sends the address book full of trusted names back to the originator. Now you have an email from a trusted source that has URLs to a trusted site to help spread it.
Maybe I shouldn't have typed all that out.....
I'm a victim (Score:2, Interesting)
As it turns out, my hosting provider doesn't offer any real real capacity to disable anonymous FTP and I had to set the maximum allowed data transfer amount to 0KB for anyone except myself.
It is a big deal knot. (Score:2, Interesting)
It's a peculiar Americanism. There is robbing, but there's also robing as in the opposite of to disrobe. Raping and rapping are formed from rape and rap respectively, so there's where ambiguity steps in to set the rule. However, it is impelling and not impeling, or even compelling and not compeling. Is it the rule to limit how many repeated adjacent letters you have in a word? There's potterring (Brit.) and pottering (US) but there is only puttering and not putterring anywhere?
For me, it's trust the spell checker, but when in doubt verify. I'd rather have consistent rules, but English is such a mongrel language anyway, borrowing words everywhere. It's annoying, but at least it isn't annoyying.