'Ramnit' worm hijacks 45,000 Facebook logins

Summary:A nasty piece of malware is siphoning usernames and passwords from Facebook accounts, mostly in the U.K. and France.

A nasty worm slithering through Facebook has successfully pilfered more than 45,000 usernames and passwords from users of the world's most popular social network.

Most of the Facebook victims are the the U.K. and France, according to researchers at Seculert.

The worm, called Ramnit, was first discovered around 2010 stealing FTP credentials and browser cookies from infected machines.

In 2011, the worm started hijacking financial data and by the end of the year, had been found on about 800,000 Windows computers.

Now, Seculert has discovered a new target -- Facebook usernames and passwords.

follow Ryan Naraine on twitter

Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook command-and-control URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.

We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.

The company has notified Facebook of the attack and provides the company with all the stolen credentials found on the worm's command-and-control server.

Topics: Malware, Security, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.