A computer worm dubbed Ramnit is believed to have stolen about 45,000 Facebook login credentials, a digital security firm has warned. The stolen data have been taken largely from Facebook accounts in UK and France, the security firm Seculert said.
We suspect that the attackers behind Ramnit are using the stolen credentials to login to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further, Seculert researchers said on the firm's blog, adding that cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks.
According to a BBC report, Facebook is verifying the malware infestation issue.
Ramnit, discovered in April 2010, is a multi-component malware family which infects Windows executable as well as HTML files, stealing sensitive information such as stored FTP credentials and browser cookies. In July 2011, a Symantec report estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections, Seculert's blog post said.
The worm also acts as a backdoor for hackers to launch an attack on infected computers and networks, and had previously stolen banking details.
With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms, Seculert said.
As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands, it said.