A small number of our Internet Consultancy clients access their own websites using an ftp program (ftp = File Transfer Protocol). This is a seemingly simply program that allows you to copy files backwards and forwards to your website from your PC or Mac. For smaller businesses there is a great attraction to use a free product, such as Filezilla or CuteFTP (at WebSanity we use an excellent commercial program called SmartFTP – which we would recommend in preference every time).
Part of the way these programs work is to store a user name and password to access your web site(s). Of course you would NEVER store unencrypted passwords on your computer but unfortunately we found out recently that Filezilla does exactly that (other more professional ftp programs encryt such data).
This vulnerability is seemingly well known by virus writers and we have just encountered a case of a client who unfortunately had ‘caught’ some malware (a virus designed to harvest information from a machine, not to destroy it) – in theory not possible because they claimed to be running anti-virus software! This malware knew that Filezilla didn’t encrypt its passwords and so harvested them and then used them to inject hidden malware code into all their websites.
The client had to delete Filezilla, change all their ftp passwords and reformat the machine to remove the malware – removing these isn’t just a case of deleting a single file! We have then had to write a custom script on their behalf, installed onto each of their websites, to scan every website for any instances of the “iframe code injection” that the malware had created: otherwise it would have meant checking hundreds, if not thouands, of files by hand.
Lessons to be learnt:
- Make sure you have up to date anti-virus software;
- Run a full virus scan once a week;
- Get some malware checking software if your virus software doesn’t check for this;
- Keep a backup of ALL your files;
- Use a quality firewall and READ the alerts it gives you;
- Don’t use Filezilla – it is insecure!