On 10/8/13 5:15 PM, li...@sbt.net.au wrote:

> I'm still perplexed with access: the user claims no one else had ftp
> password, ftp password was a random 8-char alpha/numeric string,
> can there be any other reason that leaked password...?

There are several Windows PC viruses, including the common "Gumblar"
family, that steal saved FTP passwords from files on the computer.

They simply have a list of file locations where various FTP clients such
as FileZilla and Dreamweaver store saved passwords. They scan all these
locations and send any results back to a central server.

Some of these viruses also incorporate network sniffing to detect FTP
passwords.

So even if the password was random and used only on a single computer,
it may have been obtained by evildoers if the user checked a "remember
this password" option or ever connected to a non-TLS FTP server. The
user should scan any computer that ever used this password for viruses.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
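
[Added example, not part of the original message or of any code from its author.] The non-TLS case mentioned above can be checked on your own server: this sketch reads the server's FEAT reply and its answer to a plaintext USER command to tell whether a password could ever cross the network unencrypted. The function names, the three result labels and the sample replies are assumptions constructed for illustration.

```python
import ftplib
import re

# Constructed sample replies (not captured from any real server).
FEAT_WITH_TLS = "211-Features:\n AUTH TLS\n PBSZ\n PROT\n UTF8\n211 End"
FEAT_NO_TLS = "211-Features:\n MDTM\n SIZE\n UTF8\n211 End"

def parse_feat(reply):
    """Return the feature lines of an RFC 2389 FEAT reply, upper-cased."""
    feats = set()
    for line in reply.splitlines():
        # Feature lines are indented by one space; the 211 framing lines are not.
        if line.startswith(" ") and line.strip():
            feats.add(" ".join(line.split()).upper())
    return feats

def offers_tls(features):
    """True if an AUTH line lists TLS (RFC 4217); 'AUTH SSL' alone does not count."""
    for feat in features:
        parts = feat.split(None, 1)
        if len(parts) == 2 and parts[0] == "AUTH":
            if any(m.startswith("TLS") for m in re.split(r"[;,\s]+", parts[1])):
                return True
    return False

def classify(feat_reply, user_reply):
    """Decide from the FEAT reply and the reply to a plaintext USER command."""
    if not offers_tls(parse_feat(feat_reply)):
        return "cleartext-only"      # every login exposes the password
    # 331 asks for PASS and 230 logs in, both before any TLS negotiation.
    if user_reply[:3] in ("331", "230"):
        return "tls-optional"        # clients not set to use TLS still leak
    return "tls-required"

def probe(host, user, port=21, timeout=10):
    """Live check against your own server; sends USER but never PASS."""
    with ftplib.FTP() as ftp:
        ftp.connect(host, port, timeout=timeout)
        try:
            feat = ftp.sendcmd("FEAT")
        except ftplib.error_perm as exc:   # no FEAT support: treated as no TLS advertised
            feat = str(exc)
        try:
            user_reply = ftp.sendcmd("USER " + user)
        except (ftplib.error_perm, ftplib.error_temp) as exc:
            user_reply = str(exc)
        return classify(feat, user_reply)
```

A result other than "tls-required" means a client that is not explicitly set to use TLS will send the password in the clear.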
