From hakin9.org
Jacques Erasmus, CTO at Prevx, an internet security vendor headquartered in the U.K., discovered a site where a trojan is uploading FTP login credentials from more than 74,000 websites. Among the affected FTP login data are major corporations including Bank of America, BBC, Amazon, Symantec and McAfee. The trojan, a variant of Zbot, main purpose is to harvest stored FTP login credentials to send them to servers located in China. According to Erasmus, the final purpose of this attack is to get access to websites source codes injecting evil Iframe that would spread the malware further. The Zbot trojan has been in use for some time to carry on different types of illegal and also remunerative activities: installing spyware and adwares and
phishing emails mainly.