(Prevx Research) ZBot data dump discovered with over 74,000 FTP credentials

In case anyone hasn't seen this yet, we stumbled upon quite a dangerous heap of data harvested from a trojan infection - article below:

http://www.thetechherald.com/articl...p-discovered-with-over-74-000-FTP-credentials

 

I read this at your blog and was shocked.

Very effective method of infecting a lot of users!

 

Nice catch.

 

Do I assume correctly, that these login credentials were harvested from infected users, and not from the site itself, eg, disney.com?

EDIT:

Here is another article - it cleared things up for me:

FTP login credentials at major corporations breached
http://www.securecomputing.net.au/N...edentials-at-major-corporations-breached.aspx

Another question: Is it common to log in to an account using ftp? Why?

By the way, Note the attack vectors:

thanks,

rich

 

The login credentials came from infected employees who had logins directly to the servers (i.e. network administrators/web managers).

FTP does appear to be popular, and a number of the attacks appear to be targeted and carefully socially engineered which is what makes them more effective.

 

Can it be determined whether the infected systems were company computers on the network, or employees' personal computers?

thanks,

----
rich

 

I don't think we're able to determine that.

 

Thanks - just curious because I've been interested in 'targeted' attacks, which usually implies a compromised organization email list. Here is a recent one:

Targeted e-mail attacks asking to verify wire transfer details
http://isc.sans.org/diary.html?storyid=6511

Who knows how many other databases there are out there such as the one you discovered!

----
rich