Ramnit worm targets Facebook, 45,000 logins compromised

Leeky

Posts: 3,357   +116

Facebook users have had their accounts compromised once again after the Ramnit worm, traditionally used to target the financial industry, set its crosshairs on the social networking site. According to researchers at the security firm Seculert, 45,000 user accounts have been affected.

Users in France and the United Kingdom appear to be most affected by the worm's new tirade on social sites. "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further", the security firm commented in a blog post.

"Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts," a spokesperson for Facebook confirmed. "Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices."

Ramnit was first discovered in April 2010 by the Microsoft Malware Protection Center (MMPC). They described the worm as "a multi-component malware family which infects Windows executable as well as HTML files," which they say is used to steal sensitive information such as FTP login details and browser cookies. A separate report by Symantec (PDF) in July 2011 concluded that variants of the worm accounted for 17.3 percent of all new malicious infections.

In August last year it was paired with source code from the Zeus botnet, and began targeting financial institutions. The additional source code enabled the worm to gain remote access to financial targets, compromise banking sessions and saturate corporate networks. Researchers at Seculert found around 800,000 machines had been infected between September 2011 and the end of December 2011.

The new form of attack on social networking sites is likely due to the change in the way we now use computers. With social sites like Facebook now fast approaching one billion users, it would appear hackers are replacing traditional email spam attacks with worms like Ramnit in a bid to target unsuspecting users.

Permalink to story.

 
I think it's time we need our web based logins to support some kind of dongle security key + password logon, instead of just password. Even if the hacker knows the password, they would still need the dongle key generated number, which changes every 30seconds or so. I have this on paypal already.
 
re: "Dongle" security measures
Not at all fool-proof as the recent RSA breach should have told you...
 
Wow, these smarties who don't use Facebook are so smug when these sort of articles are posted. You know what, if you didn't have sex you wouldn't need to worry about STIs/STDs either. If you didn't drive you wouldn't have to worry about road accidents. Life is all about choices. You can choose to actually live your life or you can hide whimpering in the corner wallowing in your paranoia. I choose the former and will take the necessary precautions to avoid the risks.
 
I'm willing to bet with a statement like that your PC is already loading with malware, adware and viruses to say the least LOL
 
Wow, these smarties who don't use Facebook are so smug when these sort of articles are posted.
Justifiably perhaps? They're not using it and thus won't be affected...

You can choose to actually live your life or you can hide whimpering in the corner wallowing in your paranoia. I choose the former and will take the necessary precautions to avoid the risks.
I see so for you "living your life" is a social networking website...?

:rolleyes:
 
You are so correct, Facebook is a major risk to use - I'm cancelling my FB account immediately!
 
Back