Facebook Login Risk: Ramnit Worm Steals User Details

on January 06 2012 8:42 AM

A Ramnit worm has stolen the details of 45,000 Facebook user logins, according to a report.

Seculert, a cyber threat management firm, has a research lab that identified a new variant of the Ramnit worm, the company reports. The Ramnit worm was originally found in 2010, infecting Windows executable and HTML files and stealing sensitive information.

But Seculert said Ramnit has recently started targeting user accounts at Facebook, the world's largest social network with some 800 million users. Ramnit has apparently taken sensitive login details from 45,000 Facebook users throughout the world -- with most in Europe.

"Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C (Command & Control servers) URL is visible and accessible, it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France," says Seculert in a blog post.

In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks, Seculert said.

While the number of Facebook users impacted is relatively low at this point, the risk could ultimately be high, since a July 2011 report from Symantec suggested that 17.3 percent of all new malicious software infections are linked to Ramnit.

Seculert said the worm has been reported to Facebook. The social network company said, according to PC Advisor, that it has initiated remedial steps for all affected users to ensure the security of their accounts.

"Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices," said a spokesperson for Facebook.

Ramnit is targeting Facebook, Seculert suggests, because attackers want to log into user accounts and send malicious links to their Facebook friends. Also, once Facebook details are obtained, hackers can use that information to attack other Web-based services the users log into, including Gmail and Outlook.
