In a message dated 1/9/2012 10:22:50 P.M. Pacific Standard Time,
Worm steals more than 45,000 Facebook logins
by Steven Musil
January 5, 2012
A nasty bit of malware making the rounds on Facebook has reportedly made
off with the usernames and passwords of more than 45,000 users.
Most of those affected by the worm, called Ramnit, are from France and the
United Kingdom, according to a bulletin issued by security researchers at
Seculert. The worm is capable of infecting Windows executables, Microsoft Office files,
and HTML files, according to McAfee.
"We suspect that the attackers behind Ramnit are using the stolen
credentials to log in to victims' Facebook accounts and to transmit malicious links
to their friends, thereby magnifying the malware's spread even further,"
Seculert said in its bulletin. "In addition, cybercriminals are taking
advantage of the fact that users tend to use the same password in various
web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.)
to gain remote access to corporate networks."
The worm was first discovered in April 2010 stealing sensitive information
such as stored FTP credentials and browser cookies. In August 2011, after
malware developers borrowed source code from the Zeus botnet, Ramnit "went
financial." With that added strength, Ramnit was able to "gain remote
access to financial institutions, compromise online banking sessions and
penetrate several corporate networks." Approximately 800,000 machines were
infected between September 2011 and the end of the year.
The security researcher has notified Facebook and provided the
social-networking giant with all the stolen credentials found on Ramnit's server.
Steven Musil is the night news editor at CNET News. Before joining CNET
News in 2000, Steven spent 10 years at various Bay Area newspapers.
G.E. Investigations, LLC
AIM / ICQ: DetectiveGE
Certified Missing Persons Investigator
NRA Certified Firearms Instructor
NRA Certified RTBAV Instructor
"Giving you... Just the Facts!"
"Assisting you in those times of EXIGENT CIRCUMSTANCES…
When Waiting Isn't an Option!"