Ramnit malware steals over 45K Facebook passwords

Ramnit malware steals over 45K Facebook passwords

Summary: Stolen details mostly from U.K. and France and likely used to spread reach of malware, says security vendor. It adds Ramnit represents new breed of social network worms.


More than 45,000 Facebook login details worldwide have been stolen by a malware known as Ramnit, according to one security vendor. It suspects that cybercriminals are making use of the stolen details to access users' accounts and spread malicious links with the malware, thus magnifying its reach.

In a blog post on Thursday, security firm Securlert highlighted this breach and stated that most of the login details were stolen from Facebook accounts in the U.K. and France. Using the stolen details, cybercriminals can log into the affected users' accounts and post malicious links that contain Ramnit to further the malware's reach.

"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various Web-based services, such as Facebook, Gmail, corporate SSL VPN, Outlook Web Access, etc, to gain remote access to corporate networks," the blog post said.

Facebook told BBC on Thursday that it is looking into the issue.

The blog post also pointed out that with the recent ZeuS Facebook worm and the latest Ramnit variant, it appears that proficient hackers are not experimenting with replacing the "old-school" e-mail worms with more updated social network worms.

"As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands," Securlert stated.

The security firm noted that Ramnit was first discovered by the Microsoft Malware Protection Center (MMPC) in April 2010. The MMPC described the worm as a "multi-component malware family which infects Windows executiable as well as HTML files" and "stealing sensitive informations such as stored FTP credentials and browser cookies". 

In July last year, a separate Symantec report predicted that Ramnit variants had accounted for 17.3 percent of all new malicious software infections.

Another security vendor Trusteer subsequently reported in August 2011 that Ramnit had gone "financial" after the source code of another malware, ZeuS, was leaked. It was suspected that the hackers behind Ramnit then fused the two viruses together, enabling Ramnit to bypass two-factor authentication and transaction signing systems, gain remote access to financial instituions, compromise online banking sessions and penetrate several corporate networks, the blog post noted.

Seculert also said that 800,000 machines had been infected with Ramnit from September to end-December last year.

Topics: CXO, Browser, Data Management, Networking, Security, Social Enterprise

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Malware.Ramnit is a malicious worm that runs in the background and is capable to modify internet explorer cookies to connect the infected computer to malicious domains. This worm might also come with removable drives that you plug into your PC, having previously injected its malcode therein. Malware.Ramnit is dangerous virus that hits unprotected computers through network environment and diverse unsecured web sites. Malware.Ramnit may result in a backdoor being opened on your computer system which will allow for malicious online attackers to gain access to your system. This worm alters registry entries and creates an entry to run automatically every time Windows starts. Malware.Ramnit should be deleted as soon as possible.