on the other side of the universe on Neosploit's "purpose in life" :
"The information was available for blackmarket trade, along with the NeoSploit version 2 crimeware toolkit, a malicious application specifically designed to abuse and trade stolen FTP account credentials from numerous legitimate companies."
Robert Lemos is however, reasonably pointing out that :
"The tool, which is at least a year old, was described by antivirus firm Panda Software in June 2007."
Key summary points :
Your situational awareness about the emerging threatspace is as always up to the information sources that you use, or still haven't started using. My point is that exposing Pinch in the summer of 2007 despite that the tool's been around since 2004/2005, and exposing this malicious FTP account checker and IFRAMEs embedder in February, 2008, when it hasn't been updated since February, 2007, greatly contributes to the development of a twisted situational awareness. Realizing it or not, with the time, security researchers or intelligence analysts establish a very good sense of intuition about what's happening at a particular moment in time, or what will be happening anytime now. And using stolen FTP accounts for embedding IFRAMEs never picked up as a tactic, compared to using the stolen FTP accounts for hosting blackhat SEO content. Scenario building intelligence, or playing the devil's advocate, it's a mindset only a small crowd possess.