Login details for approximately 45,000 Facebook accounts have been stolen using the Ramnit worm. Ramnit has been spreading since April 2010, but it has recently resurfaced with new tricks aimed at Facebook, and it also steals financial information such as bank details and online banking credentials.
The Ramnit worm is best known as a financial malware family that steals FTP credentials. Most recently it morphed into a Zeus-like weapon that performs HTML code injection into browsers to steal online banking credentials.
According to Seculert’s research lab, Ramnit recently started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France.
Ramnit was discovered in April 2010. The Microsoft Malware Protection Center (MMPC) described it as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”.
Ramnit is known for its ability to spread quickly and on a large scale. “This is a variant which expands the financial-stealing of the previous version and now steals Facebook login credentials,” said Aviv Raff, CTO at Seculert. “We suspect they are using the login credentials to increase the spread of Ramnit. The malware by itself is a worm–or a file infector–and this feature adds to this worm capability.”
According to Seculert, whoever is behind the new Ramnit variant is using the stolen login details to access victims’ Facebook accounts and send malicious links to their friends.
“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further,”
The hackers behind the reworked Ramnit Facebook worm have their sights set on more than just their targets’ banking credentials, Seculert said. The attackers “are taking advantage of the fact that users tend to use the same password in various Web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.”
According to Facebook, “Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware. Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts.”
“Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices.”