Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Spam, Malware and FTP cracks

2008-07-25 23:19:00 UTC   |   by Chris Thompson   |  
Recent News Articles

Poor sending practices trigger a tidal wave of informational listings

Spamhaus Botnet Threat Update: Q4-2021

SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up

Spamhaus Botnet Threat Update: Q3-2021

Spammer Abuse of Free Google Services

Spamhaus Botnet Threat Update: Q2-2021

Emotet Email Aftermath

Wordpress compromises: What's beyond the URL?

Older News Articles:
Spamhaus News INDEX

There is lots of spam going around with funny subjects like "Mike Tyson to Fight Michael Jackson" or "Afghanistan to be 51st US State", or other equally absurd lines designed to hook unwary recipients into clicking the URL in the spam. Unfortunately, the results of following that link are not at all funny. The victim's computer will be infected with a Trojan horse, it will become part of a spam, malware and DDoS botnet, and all the user's personal data may be compromised. Those malware URLs are the infection path of large-scale attacks by cybercrime gangs to build their botnets.

The malware URLs themselves are hosted on cracked web servers, and those web server IP addresses often end up in SBL. Spamhaus has learned from admins of those systems that the common vector used by the attackers are FTP password cracks. Further, the attacks are not only on weak 'guessed' passwords, but the bad guys are sniffing passwords via other malware installations, so even good, strong passwords are vulnerable. Remember, FTP transmits passwords 'in the clear', not encrypted!

The way for those website owners to protect their systems is to use a protocol which protects their passwords with encryption, either SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL/TLS). There are many good secure FTP clients available. We can't list them all but two popular, free, open-source clients for several operating systems are available from FileZilla (and a Windows server) and PuTTY PSFTP.

ISPs and hosting companies, please encourage all your customers to switch to secure FTP immediately, including server support on your end. It protects everybody, including your customers and the Internet at large!

Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
Spam, Malware and FTP cracks

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2023 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy