'Ramnit' worm hijacks 45,000 Facebook logins
Summary: A nasty piece of malware is siphoning usernames and passwords from Facebook accounts, mostly in the U.K. and France.
A nasty worm slithering through Facebook has successfully pilfered more than 45,000 usernames and passwords from users of the world's most popular social network.
Most of the Facebook victims are the the U.K. and France, according to researchers at Seculert.
The worm, called Ramnit, was first discovered around 2010 stealing FTP credentials and browser cookies from infected machines.
In 2011, the worm started hijacking financial data and by the end of the year, had been found on about 800,000 Windows computers.
Now, Seculert has discovered a new target -- Facebook usernames and passwords.
Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook command-and-control URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.
We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.
The company has notified Facebook of the attack and provides the company with all the stolen credentials found on the worm's command-and-control server.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: 'Ramnit' worm hijacks 45,000 Facebook logins
It would be interesting to find out.
Safe to assume yes
It is a trojan after all. Just like OS X trojans only affect OS X users, this Windows trojan only affects Windows users. This trojan does not take advantage of any security vulnerabilities in Windows, it simply asks for administrative permissions through UAC and if it gets it, goes ahead and does its things with the permissions that the user has willingly given it.
No OS can protect against this.
RE: 'Ramnit' worm hijacks 45,000 Facebook logins
Unless the worm is coded correctly so it doesn't prompt UAC.. Or it attaches itself to the user profile like many Fakeware does. In this case there's no UAC to trigger and the user is unaware.
True in general, not in this case
RE: True in general, not in this case
"a trojan could be written to do some nasty stuff without requiring elevated privileges on Linux, OS X, or Windows.
It's already been done on both Windows and Mac OS X:
"Zeus
http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99&tabid=2
"Mac Defender
http://www.maximumpc.com/article/news/game_afoot_mac_defender_malware_already_evolving
With it's 1-2 % market share, no one bothers with desktop Linux. Even Mac OS X gets very little attention relative to Windows.
This is why Mark Russinovich of Microsoft doesn't refer to UAC as a security boundary. His expectation is that the malware miscreants will simply target standard user accounts. He was right and it's already started.
if you're going to download and run just anything
RE: 'Ramnit' worm hijacks 45,000 Facebook logins
And still many sites like this one continue to promote joining Facebook!!!
RE: 'Ramnit' worm hijacks 45,000 Facebook logins
RE: 'Ramnit' worm hijacks 45,000 Facebook logins