The Spamhaus Project


Spam, Malware and FTP cracks

by The Spamhaus TeamJuly 25, 20082 minutes reading time

There is lots of spam going around with funny subjects like "Mike Tyson to Fight Michael Jackson" or "Afghanistan to be 51st US State", or other equally absurd lines designed to hook unwary recipients into clicking the URL in the spam. Unfortunately, the results of following that link are not at all funny. The victim's computer will be infected with a Trojan horse, it will become part of a spam, malware and DDoS botnet, and all the user's personal data may be compromised. Those malware URLs are the infection path of large-scale attacks by cybercrime gangs to build their botnets.

The malware URLs themselves are hosted on cracked web servers, and those web server IP addresses often end up in SBL. Spamhaus has learned from admins of those systems that the common vector used by the attackers are FTP password cracks. Further, the attacks are not only on weak 'guessed' passwords, but the bad guys are sniffing passwords via other malware installations, so even good, strong passwords are vulnerable. Remember, FTP transmits passwords 'in the clear', not encrypted!

The way for those website owners to protect their systems is to use a protocol which protects their passwords with encryption, either SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL/TLS). There are many good secure FTP clients available. We can't list them all but two popular, free, open-source clients for several operating systems are available from FileZilla (and a Windows server) and PuTTY PSFTP.

ISPs and hosting companies, please encourage all your customers to switch to secure FTP immediately, including server support on your end. It protects everybody, including your customers and the Internet at large!