Ramnit malware data out-of-date, social network says

The cybercriminals behind the notorious Ramnit malware may have been successful in stealing more
than 45,000 Facebook credentials, but a spokesperson with the social network said many of those
account credentials were invalid.

“We have initiated remedial steps for all affected users to ensure the security of their
accounts,” the Facebook spokesperson said in an email. “Thus far, we have not seen the virus
propagating on Facebook itself, but have begun working with our external partners to add
protections to our antivirus systems to help users secure their devices.”

Researchers keeping close watch on the Ramnit worm, which is responsible for targeting financial
institutions globally, discovered a cache of Facebook credentials and alerted the social network
to the growing threat earlier this month. The files containing the credentials had no active
timestamps, yielding no clues as to how long the data had been sitting on the rogue server, said
Aviv Raff, CTO of Israel-based security threat services firm Seculert.

“It’s still active in that we’re still seeing the file being updated in real time,” Raff
said.

The Facebook accounts were mainly from users in the U.K. and France. Raff said it is likely that
the cybercriminals are conducting attack campaigns targeted to gain access to bank accounts in
those countries. In addition to Facebook credentials, the server contained banking usernames and
passwords, according to Raff. He declined to say how many stolen banking credentials were
discovered.

Facebook, which boasts 800 million active users, has a mixture of security technology and an
active security response team to detect anomalous account activity that could signal a
fast-moving threat on its network. When an account is flagged, the social network alerts affected
users and can temporarily lock out an account until the user takes remedial action. The company
also partnered with McAfee in 2010 to improve its account remediation processes.

About 1 million infected machines make up the Ramnit botnet. The malware, which started out
stealing FTP credentials, was converted into a financial threat last year when the Zeus and SpyEye
source code became public. Raff said the latest variant adds the social networking feature in an
attempt to spread the worm and grow the botnet. The Koobface worm started spreading on Facebook
and then spread to Twitter and LinkedIn accounts, so researchers can’t rule out that the Ramnit
authors will target other social networks.


Article source: http://searchsecurity.techtarget.com/news/2240113552/Ramnit-malware-data-out-of-date-social-network-says
