Ramnit worm steals 45,000 Facebook passwords

Author: Category: Greg's Blog

A computer worm has begun targeting Facebook accounts and has stolen at least 45,000 login
credentials from users, say security researchers.

Although the worm, known as Ramnit, is targeting Facebook users around the world, most of those
affected are in the UK (69%) and France(27%), according to researchers at Seculert.

Discovered in April 2010, the Microsoft
Malware Protection Center (MMPC) described Ramnit as “a multi-component malware family which
infects Windows executable as well as HTML files”, “stealing sensitive information such as stored
FTP credentials and browser cookies”.

In August 2011, Trusteer
reported that Ramnit was merged with the Zeus Trojan, enabling the worm  to bypass two-factor
authentication and transaction signing systems, gain remote access to financial institutions,
compromise online banking sessions and penetrate several corporate networks.

Seculert researchers have now identified a completely new ‘financial’ Ramnit variant aimed at
stealing Facebook login credentials.

The Ramnit Facebook CC (command and control) URL is visible and accessible, making it
possible for researchers to detect that over 45,000 Facebook login credentials have been stolen
worldwide.

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to
victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the
malware’s spread even further,” the researchers said in a blog post.

They also believe cybercriminals are taking advantage of the fact that users tend to use the
same password in various web-based services such as Corporate SSL VPN to gain remote access to
corporate networks.

“With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that
sophisticated hackers are now experimenting with replacing the old-school email worms with more
up-to-date social network worms,” the researchers say.

As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social
networks can be manipulated to cause considerable damage to individuals and institutions when it is
in the wrong hands, they said.

Seculert has provided Facebook with all of the stolen credentials that were found on the Ramnit
servers and Facebook has confirmed that it is investigating.

Related Topics:

Social media technology,

Cloud computing software,

Cloud computing services,

IT risk management,

IT for transport and travel industry,

IT governance,

IT for manufacturing,

IT for telecoms and internet organisations,

Privacy and data protection,

IT for leisure and hospitality industry,

IT for small and medium-sized enterprises (SME),

IT for government and public sector,

IT for retail and logistics,

IT for media and entertainment industry,

Hackers and cybercrime prevention,

IT for financial services,

VIEW ALL TAGS


Article source: http://www.computerweekly.com/news/2240113383/Ramnit-worm-steals-45000-Facebook-passwords

View full post on National Cyber Security » Virus/Malware/Worms