GEN:SID 1:547
Message POLICY FTP 'MKD ' possible warez site
Summary This event is generated when an attempt is made to create a directory name that begins with a space on an FTP server.
Impact Unauthorized file storage.  An attacker may attempt to create a directory name that begins with a space on an FTP server, possibly in preparation to store unauthorized files.

Detailed Information An attacker may attempt to create a hidden directory name that begins with a space on an FTP server .  This hidden directory is hard to discover, permitting attackers to store unauthorized "warez" files, such as unlicensed or pirated software.

Affected Systems FTP servers
Attack Scenarios An attacker may attempt to create a hidden directory name that begins with a space to store unauthorized files.
Ease of Attack Simple
Corrective Action Assign restrictive permissions to all directories so unauthorized users cannot navigate or write to them.

Regularly monitor directories for sudden or drastic increased use of space.
Additional References