Comments on: 10 FTP Clients Malware Steals Credentials From

By: SiriuS

SiriuS — Wed, 06 Jan 2010 10:21:58 +0000

Total Commander 7.50 uses Master password to encode its FTP passwords.

By: Malware suite et fin « Documentation Mainframe

Malware suite et fin « Documentation Mainframe — Sun, 27 Dec 2009 23:55:04 +0000

[...] Merci aux sympathiques twittos qui m’ont conseillés sur twitter, au final j’ai fait une réinstalle de mon OS, un scan complet, modifié mon password FTP et maintenant je ne conserve plus en mémoire mes identifiants/password dans mon client FTP, en effet ils sont lisibles en dur dans un fichier XML, je ne le savais pas, le malware si! Lire à ce sujet cet article très intéressant. [...]

By: Juan

Juan — Wed, 18 Nov 2009 20:22:44 +0000

I’m using WinSCP, it encrypts stored sessions by using a master password. Much more secure than Filezilla.

By: Sobre malwares, clientes FTP y Google at Webnova – Recursos Webmaster

Sobre malwares, clientes FTP y Google at Webnova – Recursos Webmaster — Mon, 16 Nov 2009 14:40:46 +0000

[...] que alguien tenía los datos de mis conexiones. Sigo investigando y el problema radica en que los perfiles de cuentas o credenciales de los clientes FTP son perfectamente "robables". O sea hay troyanos que se instalan en tu PC y que envían toda esta información de [...]

By: Denis

Denis — Tue, 10 Nov 2009 22:32:25 +0000

Probably unintentionally, this comment creates the impression that reading articles before commenting is not necessary ;-)

step 1 should be: read the blog post
step 2 should be: if you didn’t read the post, see #1.

The post says, that webmasters should remove malware from their computer and then change passwords and keep them secure.

Secure protocols were mentioned as a best practice since there are (other) trojans that sniff FTP traffic.

Anyway, your comment is absolutely correct. Thanks.

By: tom

tom — Tue, 10 Nov 2009 18:25:19 +0000

probably unintentionally, this article creates the impression that switching to secure ftp will help with this problem – it won’t!

if your computer is compromised and sending your ftp credentials to “the bad guys”, using secure ftp is only locking the barn door after the horse is long gone.

step 1 should be: kill the trojan! unless your computer is secured, it will send them off, no matter which protocol you use.

step 2 should be: don’t store ftp credentials on your computer. see number 1!

switching to secure ftp protocols is a good, but entirely different, subject.

By: Blog Tuna Deusto » infectado por un malware fopsl.cn

Blog Tuna Deusto » infectado por un malware fopsl.cn — Sat, 31 Oct 2009 00:32:28 +0000

[...] y también esta otra de unmaskparasites http://blog.unmaskparasites.com/2009/09/23/10-ftp-clients-malware-steals-credentials-from/ [...]

By: Denis

Denis — Sat, 17 Oct 2009 11:18:39 +0000

Rajiv,

Is it different from FTPS?

By: Rajiv Doshi

Rajiv Doshi — Fri, 16 Oct 2009 21:15:00 +0000

Besides FTP there are other options such as Accellion which uses SSL which provide more security for file transfer. Rajiv Doshi, Social Media Marketing Manager,

By: Chris

Chris — Fri, 02 Oct 2009 23:02:17 +0000

Thank you!

My hosting, HOSTGATOR, gave me this link. My website got infected several times. When I visited my site, my PC got infected. Imagine the users/public!

These malicious people who create such malware should be in jail the rest of their life.

Thanks for the info.