
March 13, 2008

Phishing looks to FTP to distribute malware

Many phishing emails received today include an attachment or HTTP link designed to get users to install malware (a virus, for example). Fortunately, most system administrators have been able to combat this by using SMTP and HTTP gateway products which detect viruses before they get to the end user's system.

However, in this constant battle of good vs. evil, the bad guys have gotten smarter and are now distributing malware via FTP. This malware distribution is partly enabled by browsers and HTML-enabled email clients which support FTP URLs. FTP URLs have the following format:

ftp://user:password@host:port/path

FTP URLs may be used in HTML pages and HTML-formatted email messages, making them appear just like any other standard HTTP hyperlink. In order to get around the HTTP and SMTP gateways, phishers have started to use FTP URLs in their email messages. Since the FTP protocol is not scanned by HTTP and SMTP gateways, malware delivered this way can go undetected by gateway software.
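As an added example (not part of the original post and not JSCAPE code), a mail gateway hook or triage script could flag messages whose HTML body links to an FTP server, so they can be quarantined or reviewed. The sample message, host names and function names below are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v.strip() for k, v in attrs if k in ("href", "src") and v]

def find_ftp_links(raw_message: bytes) -> list:
    """Return one finding per ftp:// link found in the HTML parts of a message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for link in collector.links:
            url = urlsplit(link)
            if url.scheme != "ftp":  # urlsplit lowercases the scheme
                continue
            findings.append({
                "host": url.hostname,
                "port": url.port or 21,  # 21 is the FTP default port
                "path": url.path,
                # user:password@ in the link lets the client log in silently
                "embedded_credentials": url.username is not None,
            })
    return findings

# Constructed sample message (not taken from the original post).
SAMPLE = (
    b"From: sender@example.com\r\nTo: user@example.org\r\n"
    b"Subject: Invoice\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n"
    b'<html><body><a href="http://example.com/info">Info</a> '
    b'<a href="FTP://user:password@ftp.example.net:2121/docs/invoice.exe">'
    b"View invoice</a></body></html>\r\n"
)

if __name__ == "__main__":
    for finding in find_ftp_links(SAMPLE):
        print(finding)
```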

At the source of the issue, many of the FTP servers that are distributing malware are rogue servers compromised using brute force password attacks. In fact, recently a database of 8,700 compromised accounts was discovered, many belonging to Fortune 500 companies. Brute force password attacks are automated and try to gain access to an FTP server by using common usernames and passwords. FTP servers that do not protect against this kind of attack or enforce password policies can be vulnerable to these types of attack. Additionally, given that brute force attacks may require several thousand login attempts, they can be a huge drain on server and network resources.

Using JSCAPE Secure FTP Server you can easily configure your FTP server so it is not vulnerable to this type of attack. 

For information on configuring your server to prevent these types of attacks please see the following documentation links:

http://www.jscape.com/secureftpserver/docs/settingconnectionpreferences.htm

http://www.jscape.com/secureftpserver/docs/defining_password_compliance.htm
