Ramnit Computer Worm Compromises 45K Facebook Logins

A computer worm that has traditionally targeted the financial industry has set its sights on social networking, recently stealing over 45,000 Facebook login credentials, according to security firm Seculert.

In a statement, Facebook said the majority of the login credentials were outdated, but it was still notifying the affected users.

The worm, known as Ramnit, dates back to April 2010, and is described as a multi-component malware family that infects Windows executable and HTML files, stealing sensitive info like stored FTP credentials and browser cookies, Seculert said in a blog post.

A July 2011 report (PDF) from Symantec said Ramnit was responsible for 17.3 percent of all new malicious software infections.

Ramnit started going after financial institutions in August 2011, possibly merging with ZeuS “to create a ‘Hybrid creature’ which was empowered by both the scale of the Ramnit infection and the ZeuS financial data-sniffing capabilities,” Seculert said.

This approach let Ramnit bypass two-factor authentication systems, allowing remote access to financial institutions, including online banking sessions and corporate networks.

“With the use of a Sinkhole, we discovered that approximately 800,000 machines were infected with Ramnit from September to end of December 2011,” Seculert said.

More recently, however, Ramnit has set its sights on Facebook and its 800 million users. Of the 45,000 compromised login details, approximately 69 percent were from Facebook users in the U.K., followed by 27 percent in France, and 4 percent elsewhere.

Full Story Via PCMag