Many phishing emails received today include an attachment or HTTP link designed to get users to install some malware (virus). Fortunately, most system administrators have been able to combat this by using SMTP and HTTP gateway products which detect viruses before they get to the end user's system.
However, in this constant battle of good vs. evil, the bad guys have gotten smarter and are now distributing malware via FTP. This malware distribution is partly enabled by browsers and HTML-enabled email clients which support FTP URLs. FTP URLs have the following format:
ftp://user:password@host:port/path
FTP URLs may be used in HTML pages and HTML-formatted email messages, making them appear just like any other standard HTTP hyperlink. In order to get around the HTTP and SMTP gateways, phishers have started to use FTP URLs in their email messages. Since the FTP protocol is not scanned by HTTP and SMTP gateways, malware delivered this way can go undetected by gateway software.
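One way a gateway or mail filter could flag the FTP links described above, as an added example that is not part of the original article: it parses an HTML message body, finds every href or src that uses the ftp scheme, and splits it into the user, password, host, port and path fields of the URL format shown earlier. The function and field names are hypothetical, and the sample message is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class FtpLinkFinder(HTMLParser):
    """Collects FTP URLs from link-bearing attributes of an HTML body."""

    URL_ATTRS = {"href", "src"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in self.URL_ATTRS or not value:
                continue
            try:
                parts = urlsplit(value.strip())
                port = parts.port
            except ValueError:
                continue  # unparsable URL or port; left to other checks
            if parts.scheme != "ftp":  # urlsplit lower-cases the scheme
                continue
            self.findings.append({
                "tag": tag,
                "host": parts.hostname,
                "port": 21 if port is None else port,  # 21 = FTP default
                "user": parts.username,
                "has_password": parts.password is not None,
                "path": parts.path,
            })


def scan_html(body):
    """Return one finding per FTP URL referenced in the HTML body."""
    finder = FtpLinkFinder()
    finder.feed(body)
    finder.close()
    return finder.findings


# Constructed sample message body (hosts and paths are made up).
SAMPLE = """<html><body>
<p><a href="http://www.example.com/invoice">View invoice</a></p>
<p><a href="ftp://user:password@files.example.net:2121/docs/invoice.zip">
http://www.example.com/invoice.pdf</a></p>
<img src="FTP://files.example.net/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

The second link in the sample shows why the anchor text cannot be trusted: it displays an HTTP address while the href points at an FTP server.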
At the source of the issue, many of the FTP servers that are distributing malware are rogue servers compromised using brute force password attacks. In fact, a database of 8,700 compromised accounts was recently discovered, many belonging to Fortune 500 companies. Brute force password attacks are automated and try to gain access to an FTP server by using common usernames and passwords. FTP servers that do not protect against this kind of attack or enforce password policies can be vulnerable to it. Additionally, given that brute force attacks may require several thousand login attempts, they can be a huge drain on server and network resources.
Using JSCAPE Secure FTP Server you can easily configure your FTP server so it is not vulnerable to this type of attack.
For information on configuring your server to prevent these types of attacks please see the following documentation links:
http://www.jscape.com/secureftpserver/docs/settingconnectionpreferences.htm
http://www.jscape.com/secureftpserver/docs/defining_password_compliance.htm