Keywords for gaining attention from a marketing perspective last week: embedded malware, IFRAMEs, stolen FTP accounts, Fortune 500 companies, Russia. Nothing's wrong with that, unless of course you're interested in the whole story and the big picture, which would not exclude the possibility of a Fortune 500 company's servers acting as C&Cs for a large botnet. Why are Fortune 500 servers treated as impossible to hack in the first place, as if the amount of money spent on security were proportional to the level of security reached? Spending more does not mean getting more secure if you're not allocating the money where it has to be allocated at a particular moment in time, given the dynamic threatscape these days.
On the other side of the universe, on NeoSploit's "purpose in life":
"The information was available for blackmarket trade, along with the NeoSploit version 2 crimeware toolkit, a malicious application specifically designed to abuse and trade stolen FTP account credentials from numerous legitimate companies."
Robert Lemos is, however, reasonably pointing out that:
"The tool, which is at least a year old, was described by antivirus firm Panda Software in June 2007."
Key summary points:
Your situational awareness about the emerging threatspace is, as always, only as good as the information sources you use, or still haven't started using. My point is that exposing Pinch in the summer of 2007, despite the tool having been around since 2004/2005, and exposing this malicious FTP account checker and IFRAME embedder in February 2008, when it hasn't been updated since February 2007, greatly contributes to the development of a twisted situational awareness. Whether they realize it or not, over time security researchers and intelligence analysts develop a very good sense of intuition about what's happening at a particular moment in time, or what will be happening any time now. And using stolen FTP accounts for embedding IFRAMEs never picked up as a tactic, compared to using the stolen FTP accounts for hosting blackhat SEO content. Scenario-building intelligence, or playing the devil's advocate, is a mindset only a small crowd possesses.