Malicious code just found on web server

Date: Mon, 20 Apr 2009 10:52:57 -0700
From: Paul Ferguson <>

>> But if you figure out how they got write access to a static website, I'd
>> love to hear it.
> Compromised FTP credentials would be my guess. They can be obtained
> by brute force attacks or credential stealing trojans.

Yeah, it could have been any number of ways -- there has also been a huge
increase of SSH brute-force attacks in the past few weeks: Internet Storm Center - SANS Internet Storm Center

And, from several reports (including my own), they (brute force ssh
attacks) seem to have stopped at about 22:30 UTC on the 19th. (Not that
this is really relevant to the thread.)