The stolen details are already in the hands of hackers who will be able to compromise servers and automatically push malware to users visiting the affected sites.
Many of the stolen accounts belong to Fortune-level companies in a wide range of industries, including manufacturing, telecoms, media, online retail, IT, as well as government agencies.
Finjan said that the stolen FTP accounts include some of the world's top 100 domains as ranked by Alexa.com.
Finjan's Malicious Code Research Center has discovered a new application especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world.
A trading interface is used to qualify the stolen accounts in terms of country of residence of the FTP server and Google page ranking of the compromised server.
This information enables cyber-criminals to work out costs for the compromised FTP credentials for resale to other criminals or to adjust the attack on more prominent sites.
The trading application also allows the cyber-criminal to manage FTP credential information to automatically inject iFrame tags to web pages on the compromised server.
"Software-as-a-service has been evolving for sometime, but has been applied only to legitimate applications until now," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"With this new trading application, criminals have an instant 'solution' to their 'problem' of gaining access to FTP credentials and thus infecting legitimate websites and unsuspecting visitors. All of this can be achieved with just one push of a button."