GoFuckYourself.com - Adult Webmaster Forum


ruff 02-24-2010 09:21 AM

FTP Client Passwords hacked: Beware
 
I use FileZilla and my server passwords were compromised and malicious code added to several of my sites. The code was an iframe link sending to a site in the Netherlands that put the Security Central virus on people's computers. Nasty little bastard.

Virus or Malware scanners will not find it. It is an iframe link just after the body tag in infected sites. Only html and htm files.

Turns out, FileZilla does not encode anything and keeps your login data in an XML file that can be sniffed out. There are about 10 ftp clients susceptible to this and you can find more info at this link:

http://blog.unmaskparasites.com/2009...dentials-from/

Solution is not to let the ftp program save your login info. Also switch to a secure protocol. I have switched back to WinSCP.
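A way to check a local copy of a site for the injection described in the post above (an iframe placed directly after the body tag in .html/.htm files). This is an added example, not code from the thread; the host names and sample pages are constructed, and the own-host allowlist is an assumption about how you would separate your own frames from injected ones.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# <body ...> followed, with only whitespace in between, by an <iframe ...> tag.
BODY_IFRAME = re.compile(rb"<body\b[^>]*>\s*(<iframe\b[^>]*>)", re.I)
SRC_ATTR = re.compile(rb"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def scan_file(path, own_hosts):
    """Return the off-site iframe URL placed right after <body>, else None."""
    with open(path, "rb") as fh:
        match = BODY_IFRAME.search(fh.read())
    src = SRC_ATTR.search(match.group(1)) if match else None
    if not src:
        return None
    url = src.group(1).decode("latin-1")
    host = (urlparse(url).hostname or "").lower()
    # Relative URLs have no host and are treated as the site's own content.
    return url if host and host not in own_hosts else None

def scan_tree(root, own_hosts, exts=(".html", ".htm")):
    """Walk root and list (relative path, iframe URL) for every flagged page."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                url = scan_file(path, own_hosts)
                if url:
                    findings.append((os.path.relpath(path, root), url))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample site: clean page, own-host frame, injected frame."""
    root = tempfile.mkdtemp()
    pages = {
        "clean.html": "<html><body>\n<h1>Hi</h1></body></html>",
        "own.html": '<body><iframe src="http://www.mysite.example/menu.html"></iframe>',
        "infected.htm": '<BODY bgcolor="#fff">\n<iframe src="http://malicious.example/in.php"'
                        ' width=1 height=1></iframe><h1>Hi</h1></body>',
    }
    for name, html in pages.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(html)
    return root

if __name__ == "__main__":
    for rel, url in scan_tree(build_sample_tree(), {"www.mysite.example"}):
        print(f"{rel}: iframe after <body> points to {url}")
```

Point `scan_tree` at a downloaded copy of the web root and pass the set of host names you legitimately frame; any hit is a page to restore from a clean backup after the FTP passwords have been changed.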

BIGTYMER 02-24-2010 09:23 AM

Eeekkk! I use FileZilla. Thanks for the heads up.

CYF 02-24-2010 12:01 PM

using ftp also sends your passwords over the internet, in clear text.

I'm amazed that the adult industry doesn't use sftp or scp :2 cents:

GrouchyAdmin 02-24-2010 12:05 PM

This issue has been in several trojans/viruses/etc over a year.

Any program who offers free FTP/virtualhosting needs to be aware they will be plagued with this.

EscortBiz 02-24-2010 12:36 PM

firewall the ftp too it helps

seeandsee 02-24-2010 12:47 PM

damage is done, secure yourself now

sexyclicks 02-24-2010 12:49 PM

avast detects the virus http://www.avast.com/

also search for gumblar-family-virus-removal-tool there are some tools to automatically fix all files on your server

react 02-24-2010 02:11 PM

Seems more likely that you had an insecure script on one of your sites that led to this.

easyBob 02-24-2010 02:18 PM

FireFTP. Addon to FireFox. It has sftp built in (just needs to be selected). If your server doesn't support sftp (SSH), get on your host about it. FTP username/passes are sent over the net plain text. Packet sniffers can pick them up, and you're boned.

It's free,
-Chris

datatank 02-24-2010 03:32 PM

Lock down the FTP just to approved Ips

datatank 02-24-2010 03:33 PM

Quote:

Originally Posted by react (Post 16891813)
Seems more likely that you had an insecure script on one of your sites that led to this.

Nah, I'm 99% it's a PC-side virus that steals the logins from the Windows FTP client

shwsrvcs 02-24-2010 05:01 PM

SSH all the way and use Ws FTP pro

ruff 02-24-2010 05:36 PM

Quote:

Originally Posted by datatank (Post 16892221)
Nah, I'm 99% it's a PC-side virus that steals the logins from the Windows FTP client

I have scanned my computers with a number of anti-malware programs and Norton but can't find any trace of a virus. These guys are slick.

datatank 02-24-2010 05:40 PM

Quote:

Originally Posted by react (Post 16891813)
Seems more likely that you had an insecure script on one of your sites that led to this.

Quote:

Originally Posted by ruff (Post 16892666)
I have scanned my computers with a number of anti-malware programs and Norton but can't find any trace of a virus. These guys are slick.

I had a problem with some guys that work for me months ago
I am pretty sure it's the same one
It was something to do with Adobe PDFs if I remember correctly
Some kinda exploit thing
Not sure if any anti virus even ever found it
Sorry I can not be of more help for you

Chosen 02-24-2010 10:28 PM

ruff, Norton sucks big time, try Avast, it's free for home use :)

TidalWave 02-24-2010 10:37 PM

ALL FTP IS SENT IN PLAIN TEXT.

You need to use SFTP or SCP.

Iron Fist 02-24-2010 10:48 PM

Quote:

Originally Posted by react (Post 16891813)
Seems more likely that you had an insecure script on one of your sites that led to this.

Compromised server or local machine.... either way they were fucked from the very beginning... FileZilla wasn't the problem, same could be said for any software sending passwords via plaintext. :Oh crap

Jdoughs 02-24-2010 10:51 PM

There are about 100 threads on this board about Filezilla passes being compromised. Get a real solution.


EDIT - Ok, maybe not 100, but several (and on other boards as well).

martinsc 02-24-2010 11:31 PM

sftp :thumbsup

anal4ever 02-24-2010 11:33 PM

unless u ssl ftp :)
but that's still not 100% secure as the data build goes plain text first i believe :(

MMarko 02-25-2010 06:12 AM

Afaik even if you used secure connection your FTP logins would be compromised since this is local exploit / malware! You need to patch your software and clean your PC. Secure connection helps when 3rd party has access to your connection and can monitor / analyze your Internet traffic.

Also you need to analyze FTP logs and see if files were modified through FTP service to make sure problem is not with some unpatched script on your server!

magpan 02-25-2010 06:29 AM

Quote:

Originally Posted by shwsrvcs (Post 16892590)
SSH all the way and use Ws FTP pro

Yeah, what he said. CuteFTP Pro is another good one.

pornguy 02-25-2010 06:30 AM

Quote:

Originally Posted by shwsrvcs (Post 16892590)
SSH all the way and use Ws FTP pro

yep. Don't leave the desktop without it

czarina 02-25-2010 06:46 AM

WS FTP is the best... you get what you pay for


All times are GMT -7.