Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Facebook login details stolen by Ramnit worm

Virus extends reach to grab social network credentials

Article comments

A pervasive worm has expanded its reach to now steal login and password details for Facebook users, warned security vendor Seculert, which found a server holding 45,000 login credentials.

The worm, called Ramnit, infects Windows executables, Microsoft Office and HTML files, according to a profile published by Microsoft. It steals user names, passwords, browser cookies and can also function as a backdoor, allowing a hacker to do other malicious actions on an infected computer.

Researchers from Seculert discovered a command-and-control server for the worm and found that it had harvested some 45,000 credentials from Facebook users, mostly in the UK and France, according to its blog.

Aviv Raff, CTO and cofounder of Seculert, said Ramnit's authors may be finding that attacking social networks is a more productive way to collect people's sensitive data. "We see a growing trend of malware writers embedding social networks in the malware instead of sending the malware itself via email spam," Raff said. "This is the same for Ramnit."

Once the Facebook login and password have been collected, it is suspected that the victim's account is then accessed and a link is posted on their Facebook profile that leads to Ramnit, which will try and infect the computer. "We suspect that they use these credentials to continuously spread the Ramnit malware through Facebook," Raff said.

Another security vendor, Trusteer, noted last year that Ramnit appeared to have been modified in order to commit financial fraud, acquiring similar capabilities as the famous Zeus and SpyEye malicious software programs.

Ramnit can inject HTML fields into a web page and ask for information on a banking site that would not normally be asked, Trusteer noted on August 22.

Seculert estimates that some 800,000 computers were infected with Ramnit between September through the end of December. A Symantec report from July 2011 put Ramnit as the most common piece of malware it blocked in June and July 2011.

Ramnit's mining of Facebook could yield passwords that people have re-used on other websites, a common mistake that gives hackers an easy in.

"Many users use the same password for Facebook and other organisation web services, such as SSL VPN or Outlook Web Access," Raff said. "The attackers may use this to gain remote access to corporate networks. Same goes for their online bank account."



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *