A nasty piece of malware reportedly stole the usernames and passwords of more than 45,000 users.

The worm, called Ramnit, was first discovered almost two years ago and was recently reengineered to steal Facebook login credentials.
Users whose account information was stolen were mostly from France and the U.K. It is suspected that the people behind the worm are using the stolen details to access users’ accounts and spread malicious links carrying the malware, thus magnifying its reach.

“In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various Web-based services, such as Facebook, Gmail, corporate SSL VPN, Outlook Web Access, etc, to gain remote access to corporate networks,” security firm Seculert said in a blog post.

But the problem is not as bad as it seems, according to Emil Protalinski:

“I contacted Facebook for further details, and it turns out that the 45,000 number comes with a little asterisk. Furthermore, the social networking giant made a point to underline the fact that the virus is not actually spreading on Facebook, but across computers of users who access the service via their desktop browser.”

“We were able to review and checkpoint all compromised credentials in under 24 hours after receiving the list,” he quoted a Facebook spokesperson as saying.

With over 800 million users, Facebook is a haven for cybercriminals. This is not the first time users on Facebook have been targeted, and it will not be the last. So, we should always exercise our best judgement before clicking on links or attachments. It sure is difficult, but taking the extra step of using different login credentials for different web services, and changing your passwords every few months, will certainly pay off in the long run.

More about the Ramnit worm

Ramnit was first discovered by the Microsoft Malware Protection Center (MMPC) in April 2010, which described the worm as a “multi-component malware family which infects Windows executable as well as HTML files” that can “steal sensitive information such as stored FTP credentials and browser cookies”.

A Symantec report said that Ramnit accounted for more than 17.3 percent of all new malicious software infections.

In August 2011, Ramnit went “financial”. It is suspected that hackers fused Ramnit’s infection capabilities with the financial data-sniffing capabilities of another piece of malware, ZeuS, enabling Ramnit to bypass two-factor authentication and transaction signing systems. With the added strength, Ramnit was able to “gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.”

According to Seculert’s Aviv Raff, approximately 800,000 machines were infected between September 2011 and December 2011.
