A computer worm has begun targeting Facebook accounts and has stolen at least 45,000 login
credentials from users, say security researchers.
Although the worm, known as Ramnit, is targeting Facebook users around the world, most of those
affected are in the UK (69%) and France (27%), according to researchers at Seculert.
Ramnit was discovered in April 2010. The Microsoft Malware Protection Center (MMPC)
described it as “a multi-component malware family which
infects Windows executable as well as HTML files”, “stealing sensitive information such as stored
FTP credentials and browser cookies”.
In August 2011, Trusteer reported that Ramnit was merged with the Zeus Trojan, enabling the
worm to bypass two-factor
authentication and transaction signing systems, gain remote access to financial institutions,
compromise online banking sessions and penetrate several corporate networks.
Seculert researchers have now identified a completely new ‘financial’ Ramnit variant aimed at
stealing Facebook login credentials.
The Ramnit Facebook C&C (command and control) URL is visible and accessible, making it
possible for researchers to detect that over 45,000 Facebook login credentials have been stolen
worldwide.
“We suspect that the attackers behind Ramnit are using the stolen credentials to log in to
victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the
malware’s spread even further,” the researchers said in a blog post.
They also believe cybercriminals are exploiting users' tendency to reuse the same password
across web-based services, such as corporate SSL VPNs, to gain remote access to
corporate networks.
“With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that
sophisticated hackers are now experimenting with replacing the old-school email worms with more
up-to-date social network worms,” the researchers say.
As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social
networks can be manipulated to cause considerable damage to individuals and institutions when it is
in the wrong hands, they said.
Seculert has provided Facebook with all of the stolen credentials that were found on the Ramnit
servers and Facebook has confirmed that it is investigating.
Article source: http://www.computerweekly.com/news/2240113383/Ramnit-worm-steals-45000-Facebook-passwords