Jan 5, 2012 – 3:37 PM ET
Dan Kitwood/Getty Images
Users of the world’s largest social network are at risk of having their accounts compromised by a sophisticated form of malicious software, security firm Seculert warned Thursday.
Passwords belonging to more than 45,000 Facebook accounts were discovered on a command and control server controlled by a pervasive piece of malware called Ramnit. Known as a “worm” because of its ability to self-replicate, Ramnit was recently reported to have been adapted to target banking information.
“It seems, however, that this is not the last twist,” the Israeli company said in a blog post.
“Recently, our research lab identified a completely new ‘financial’ Ramnit variant aimed at stealing Facebook login credentials.”
Most of the victims so far appear to be in the United Kingdom and France, Seculert said, with the attacker’s objective being to log into their accounts and transmit malicious links to their friends. It is just one of several ways the worm propagates itself, as a recent Symantec Corp. report found variations of Ramnit were responsible for 17.3% of all malware infections around the world.
Credit: Seculert Research Labs
Approximately 4% of known Ramnit infections have hit users outside of the U.S. and France, though it is unknown whether any Canadians are among them.
“In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks,” the Seculert researchers said.
Ramnit was first discovered by Microsoft Corp.’s Malware Protection Center (MMPC) in April 2010. Described by the MMPC as “a multi-component malware family which infects Windows executable as well as HTML files, stealing sensitive information such as stored FTP credentials and browser cookies,” approximately 800,000 devices have become infected with a version of Ramnit during the past four months alone.
Social networks have grown increasingly attractive to hackers in recent years as member profiles represent a veritable treasure trove of personal data which cyber criminals can use for monetary gain. Cloud security provider Cenzic Inc. said last month cyber criminals are becoming more focused on leveraging social networks to find personal information about company employees for later use in a more widespread attack.
“It appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms,” Seculert said.
“As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands.”
Posted in: FP Tech Desk, Internet
Tags: Facebook, Facebook security, Internet Security, Ramnit, Ramnit targets Facebook, Ramnit worm, Seculert
-
Buy Qualcomm on discount: Scotia
-
Today in tech: January 5
-
Xerox acquires Oakville’s LaserNetworks
-
Reject Belden’s hostile bid, RuggedCom urges shareholders
-
An austere year
blog comments powered by Disqus
Article source: http://business.financialpost.com/2012/01/05/ramnit-malware-targets-facebook-steals-45000-passwords/
View full post on National Cyber Security » Virus/Malware/Worms