Hold Security is warning that hackers have compromised more than 7,000 FTP sites in order to plant malware or to compromise connected Web services.
“Hackers planted PHP scripts armed with backdoors (shells) and viruses in multiple directories hoping that these directories map to Web servers of the victim companies to gain control of the Web services,” the company explained. “They also uploaded HTML files with seamless redirects to malicious sites.”
The company says the sites were compromised using a wide range of different methods, including the use of stolen, publicized and default credentials.
“We urge companies to re-examine their FTP implementations to minimize possible credential abuse, malware uploads, and possible interconnectivity to other services, especially Web,” Hold Security stated.
PCWorld’s Jeremy Kirk reports that the hackers have been circulating the list of credentials on underground forums, and that FTP servers run by The New York Times and UNICEF were among those affected.