New Site Manager Hack/Trojan Stealing Passwords in Filezilla
Moderator: Project members
-
- 500 Command not understood
- Posts: 2
- Joined: 2010-07-29 17:55
- First name: Dijitul
- Last name: Media
New Site Manager Hack/Trojan Stealing Passwords in Filezilla
Hello,
Im afraid to say we think there is a new virus doing the rounds that might be using the FileZIlla site manager to get FTP passwords and in turn hacking files and adding text to them like here; http://forum.filezilla-project.org/view ... 03&start=0
We first got it on the 9th July, and shortly after this post appears on WP guru
http://wpguru.co.uk/2010/07/the-drunkje ... rid-of-it/
We've added some stuff to it (new variation and the fact we think its owning site managers in filezilla) and thought i would bring it to yall's attention.
If anyone needs help removing it then please get in touch.
Im afraid to say we think there is a new virus doing the rounds that might be using the FileZIlla site manager to get FTP passwords and in turn hacking files and adding text to them like here; http://forum.filezilla-project.org/view ... 03&start=0
We first got it on the 9th July, and shortly after this post appears on WP guru
http://wpguru.co.uk/2010/07/the-drunkje ... rid-of-it/
We've added some stuff to it (new variation and the fact we think its owning site managers in filezilla) and thought i would bring it to yall's attention.
If anyone needs help removing it then please get in touch.
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Getting infected by a trojan is like purposely dropping the soap in prison.
-
- 500 Command not understood
- Posts: 2
- Joined: 2010-07-29 17:55
- First name: Dijitul
- Last name: Media
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Wow.
Check out your uber constructive reply
FYI - and for the attention of EVERY FILEZILLA USER
All your passwords (saved in site manager, OR ones used in quick connect) are stored on your pc whether or not you want them to be in PLAN TEXT
In the same location on all PC's
And a few viruses/Trojans we have reverse engineered recently are SPECIFICALLY targeting filezilla's stored passwords......
So thanks to FILEZILLA im having to move 200 + website to some other kind of ftp program, and also change them all as they could all have been stolen!
YOU HAVE BEEN WARNED!
Check out your uber constructive reply
FYI - and for the attention of EVERY FILEZILLA USER
All your passwords (saved in site manager, OR ones used in quick connect) are stored on your pc whether or not you want them to be in PLAN TEXT
In the same location on all PC's
And a few viruses/Trojans we have reverse engineered recently are SPECIFICALLY targeting filezilla's stored passwords......
So thanks to FILEZILLA im having to move 200 + website to some other kind of ftp program, and also change them all as they could all have been stolen!
YOU HAVE BEEN WARNED!
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
What steps are you doing to prevent getting infected by a trojan in the first place?
Even if you do not store any passwords at all, if you are infected by a trojan, that trojan would just sleep unnoticed until you enter your password. Once you are infected, it's game over. However, if you can prevent infection, you can even leave the secret coca cola formula in a plaintext document right on your desktop and tell all the bad guys in the world about it.
Even if you do not store any passwords at all, if you are infected by a trojan, that trojan would just sleep unnoticed until you enter your password. Once you are infected, it's game over. However, if you can prevent infection, you can even leave the secret coca cola formula in a plaintext document right on your desktop and tell all the bad guys in the world about it.
-
- 500 Command not understood
- Posts: 2
- Joined: 2010-07-30 12:07
- First name: RT
- Last name: Lijkwan
- Location: Rotterdam, NL
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
What's the exact map location in C:\Program Files\FileZilla FTP Client to find the stored passwords in plain text?dijitul wrote: All your passwords (saved in site manager, OR ones used in quick connect) are stored on your pc whether or not you want them to be in PLAN TEXT
In the same location on all PC's
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Two words: kiosk mode.
%APPDATA%\FileZilla on Windows, ~/.filezilla on other OS.What's the exact map location in C:\Program Files\FileZilla FTP Client to find the stored passwords in plain text?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Hi the issue really isnt the site manager part... yes it is understood that if you save your password in a program it is going to be stored somewhere (encrypted or unencrypted we can argue about which it should be all day). The issue is when using quick connect in filezilla it is storing all details (host/username/unecrypted password) in recentservers.xml without even telling you, i cant think of any program as popular as filezilla which stores all your login details without asking.
The first post was just to inform users of filezilla that malware is in the wild now that is stealing passwords from your recent connections using filezilla ,and recent can be weeks,months,years ago if you have not cleared the history.
Im guessing the smart reply from admin now will be "well only idiots use the same passwords for weeks,months,years etc" but noone is perfect.. im sure you yourself have been infected with some form of malicious code at some point.
Cheers
The first post was just to inform users of filezilla that malware is in the wild now that is stealing passwords from your recent connections using filezilla ,and recent can be weeks,months,years ago if you have not cleared the history.
Im guessing the smart reply from admin now will be "well only idiots use the same passwords for weeks,months,years etc" but noone is perfect.. im sure you yourself have been infected with some form of malicious code at some point.
Cheers
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
I never had any infections since I had access to the internet.
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Im sure you wouldnt admit it anyway.. you are obviously better than everyone else in the world!botg wrote:I never had any infections since I had access to the internet.
Im also curious to know if you still think your comparison of being infected by a trojan to purposely dropping the soap in prison is a good one? if you do you have a very poor understanding of the idea behind a trojan.
Cheers
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
In both cases something very bad is happening you don't want to happen. If you do know the risks of trojans but don't protect your system against infections, that's either due to stupidity or on purpose. I assume you are an intelligent person, so it's on purpose.
Protectin against trojans is not hard at all, only requires a bit of common sense such as keeping all your software up-to-date, not executing random e-mail attachments and so on. For example, if everybody would just follow these simple two steps given as example, global malware infection rate would likely drop by 99%.
Protectin against trojans is not hard at all, only requires a bit of common sense such as keeping all your software up-to-date, not executing random e-mail attachments and so on. For example, if everybody would just follow these simple two steps given as example, global malware infection rate would likely drop by 99%.
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Automatic "unpackers" do it for you! This is why an anti virus interface is needed to be included with FZ server! To be used with ClamAV for Windows. http://hideout.ath.cx/clamav/botg wrote:... not executing random e-mail attachments and so on...
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
Automatic unpackers execute email attachments?
Why would anybody ever install such a program? The risks are extreme with little to no benefit.
Why would anybody ever install such a program? The risks are extreme with little to no benefit.
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
dropping the soap on purpose would suggest that you wanted to be violated
anyway back to trojans, nowadays its not just as simple as dont double click the .exe etc, alot of viruses infect webservers and use 0day exploits to autorun themselves remotely, take the windows .lnk security hole, this was discovered because it was being used in the wild by malicious software! virus checkers can only be updated with known virus signatures.
Cheers
anyway back to trojans, nowadays its not just as simple as dont double click the .exe etc, alot of viruses infect webservers and use 0day exploits to autorun themselves remotely, take the windows .lnk security hole, this was discovered because it was being used in the wild by malicious software! virus checkers can only be updated with known virus signatures.
Cheers
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
So did you as microsoft suggested and disabled link icons till they can fix it?
Re: New Site Manager Hack/Trojan Stealing Passwords in Filez
that was just an example.... the problem was unknown by microsoft until it was discovered being used by malicious code!!botg wrote:So did you as microsoft suggested and disabled link icons till they can fix it?
the point im making is nothing is 100% safe and secure as you seem to think/beleive. its not just the good guys stepping through code looking for holes!