Ramnit worm targets Facebook, 45,000 logins compromised

Facebook users have had their accounts compromised once again after the Ramnit worm, traditionally used to target the financial industry, set its crosshairs on the social networking site. According to researchers at the security firm Seculert, 45,000 user accounts have been affected.

Users in France and the United Kingdom appear to be most affected by the worm's new tirade on social sites. "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further", the security firm commented in a blog post.

"Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts," a spokesperson for Facebook confirmed. "Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices."

Ramnit was first discovered in April 2010 by the Microsoft Malware Protection Center (MMPC). They described the worm as "a multi-component malware family which infects Windows executable as well as HTML files," which they say is used to steal sensitive information such as FTP login details and browser cookies. A separate report by Symantec (PDF) in July 2011 concluded that variants of the worm accounted for 17.3 percent of all new malicious infections.

In August last year it was paired with source code from the Zeus botnet, and began targeting financial institutions. The additional source code enabled the worm to gain remote access to financial targets, compromise banking sessions and saturate corporate networks. Researchers at Seculert found around 800,000 machines had been infected between September 2011 and the end of December 2011.

The new form of attack on social networking sites is likely due to the change in the way we now use computers. With social sites like Facebook now fast approaching one billion users, it would appear hackers are replacing traditional email spam attacks with worms like Ramnit in a bid to target unsuspecting users.