Ramnit worm targets Facebook, 45,000 logins compromised

By Lee Kaelin on January 6, 2012, 8:30 AM

Facebook users have had their accounts compromised once again after the Ramnit worm, traditionally used to target the financial industry, set its crosshairs on the social networking site. According to researchers at the security firm Seculert, 45,000 user accounts have been affected.

Users in France and the United Kingdom appear to be most affected by the worm's new tirade on social sites. "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further", the security firm commented in a blog post.

"Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts," a spokesperson for Facebook confirmed. "Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices."

Ramnit was first discovered in April 2010 by the Microsoft Malware Protection Center (MMPC). They described the worm as "a multi-component malware family which infects Windows executable as well as HTML files," which they say is used to steal sensitive information such as FTP login details and browser cookies. A separate report by Symantec (PDF) in July 2011 concluded that variants of the worm accounted for 17.3 percent of all new malicious infections.

In August last year it was paired with source code from the Zeus botnet, and began targeting financial institutions. The additional source code enabled the worm to gain remote access to financial targets, compromise banking sessions and saturate corporate networks. Researchers at Seculert found around 800,000 machines had been infected between September 2011 and the end of December 2011.

The new form of attack on social networking sites is likely due to the change in the way we now use computers. With social sites like Facebook now fast approaching one billion users, it would appear hackers are replacing traditional email spam attacks with worms like Ramnit in a bid to target unsuspecting users.




User Comments: 14

Got something to say? Post a comment
Guest said:

Just another reason why I don't use Facebook

Cellar said:

Amazing, viruses are getting stronger and stronger with every year.

caravel said:

Just another reason why I don't use Facebook

I don't use it either, but this is not a facebook issue, it's a Windows malware issue. Read the article and source.

Guest said:

I think it's time we need our web based logins to support some kind of dongle security key + password logon, instead of just password. Even if the hacker knows the password, they would still need the dongle key generated number, which changes every 30seconds or so. I have this on paypal already.

Guest said:

re: "Dongle" security measures

Not at all fool-proof as the recent RSA breach should have told you...

Trillionsin Trillionsin said:

kids need to be educated in middle or high school about online security.

marinkvasina marinkvasina said:

Guest said:

Just another reason why I don't use Facebook

this is retarded, u should use it , but like me only for communication

i have 0 wall posts, 0 pictures, don't comment or like any pages/pictures anything

only chatting when needed

and i never click on links which have a weird url, and will never get caugh in any virus/malware

PinothyJ said:

Guest said:

Just another reason why I don't use Facebook

Smart Guest is smart (*high fives*)...

Ranger12 Ranger12 said:

trillionsin said:

kids need to be educated in middle or high school about online security.

Sounds more practical than sex ed

Guest said:

come on people, use facebook with https

Guest said:

Wow, these smarties who don't use Facebook are so smug when these sort of articles are posted. You know what, if you didn't have sex you wouldn't need to worry about STIs/STDs either. If you didn't drive you wouldn't have to worry about road accidents. Life is all about choices. You can choose to actually live your life or you can hide whimpering in the corner wallowing in your paranoia. I choose the former and will take the necessary precautions to avoid the risks.

Guest said:

I'm willing to bet with a statement like that your PC is already loading with malware, adware and viruses to say the least LOL

caravel said:

Wow, these smarties who don't use Facebook are so smug when these sort of articles are posted.

Justifiably perhaps? They're not using it and thus won't be affected...

You can choose to actually live your life or you can hide whimpering in the corner wallowing in your paranoia. I choose the former and will take the necessary precautions to avoid the risks.

I see so for you "living your life" is a social networking website...?

Guest said:

You are so correct, Facebook is a major risk to use - I'm cancelling my FB account immediately!

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.