A nasty bit of malware making the rounds on Facebook has reportedly made
off with the usernames and passwords of more than 45,000 users.
Most of those affected by the worm, called Ramnit, are from France and
the United Kingdom, according to a bulletin issued by security researchers at Seculert. Ramnit is capable of infecting Windows executables,
Microsoft Office, and HTML files, according to McAfee.
"We suspect that the attackers behind Ramnit are using the stolen
credentials to log in to victims' Facebook accounts and to transmit
malicious links to their friends, thereby magnifying the malware's
spread even further," Seculert said in its bulletin. "In addition,
cybercriminals are taking advantage of the fact that users tend to use
the same password in various web-based services (Facebook, Gmail,
Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to
corporate networks."
The worm was first discovered in April 2010 stealing sensitive
information such as stored FTP credentials and browser cookies. In
August 2011, after malware developers borrowed source code from the Zeus
botnet, Ramnit "went financial." With that added strength, Ramnit was
able to "gain remote access to financial institutions, compromise online
banking sessions and penetrate several corporate networks."
Approximately 800,000 machines were infected between September 2011 and
the end of the year.
The security researcher has notified Facebook and provided the
social-networking giant with all the stolen credentials found on
Ramnit's server.