Finjan said it has uncovered a database with more than 8,700 FTP account credentials--user name, password and server address--that allow hackers to compromise security and deliver malware as a service.PDF and registration required), Finjan outlines the inner workings of this newfangled threat called Neosploit 2.
What's notable about this development is that hackers are using a software as a service (SaaS) model to deliver applications that are designed to abuse and trade FTP accounts. According to Finjan, this database may be the first use of SaaS for something other than legitimate means. Maybe we could call it HaaS: Hacking as a service.
Here's a model of how this threat works:
Finjan said its researchers managed to obtain some of the attacker’s server side components to reach the following conclusions: