Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
Loading site search ...

Tweet Week: January 17 – January 23, 2011

25 Jan 11   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Google’s anti-malware and webspam efforts, StopBadware asks for your comments, FileZilla trick, etc.. »»

10 FTP Clients Malware Steals Credentials From

23 Sep 09   Filed in Tips and Tricks with 20 Comments

This year, most successful malware attacks against legitimate websites used stolen FTP credentials. I always suggest that you don’t store passwords in your FTP programs where they are easily accessible by any program running on your computer (including malware). For example, in FileZilla, FTP passwords are stored as plain text in configuration files. And FileZilla is not the only FTP client malware authors target in their hunt for website credentials.

In the recent post about Quicksilver malware network, you can read that the trojan behind the infamous iframe injection attack “looks for all kinds of configuration files of ftp programs in their default install paths“. I contacted the researcher and asked if he had a full list of the FTP clients this malware looks for.
And here’s the list »»

Beware: FileZilla Doesn’t Protect Your Passwords

01 Sep 09   Filed in Tips and Tricks with 39 Comments

2009 is the year of malware attacks that use stolen FTP credentials to infect legitimate web sites. Hundreds of thousands websites have been hacked this way and suffered from hidden iframe injections, Gumblar, redirections to bogus anti-virus sites, etc.

The success of those attacks is based on the fact that a significant percentage of web surfer are webmasters and site owners themselves. Once a computer of a site owner is infected, malware can steal his/her FTP credentials and use them to make the site distribute malware to unsuspecting visitors, who, in turn, may also be site owners.  As a result, we see rapid growth in number of compromised websites.

There are quite a few hypotheses about how cibercriminals steal the credentials: traffic sniffing, using keyloggers, etc. But the most viable is that trojans simply extract everything they need from configuration files of popular FTP programs.  Let me show how easy it can be done.
Continue »»