Ramnit malware steals over 45K Facebook passwords

Stolen details mostly from U.K. and France and likely used to spread reach of malware, says security vendor. It adds Ramnit represents new breed of social network worms.

More than 45,000 Facebook login details worldwide have been stolen by a malware known as Ramnit, according to one security vendor. It suspects that cybercriminals are making use of the stolen details to access users' accounts and spread malicious links with the malware, thus magnifying its reach.

In a blog post on Thursday, security firm Securlert highlighted this breach and stated that most of the login details were stolen from Facebook accounts in the U.K. and France. Using the stolen details, cybercriminals can log into the affected users' accounts and post malicious links that contain Ramnit to further the malware's reach.

"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various Web-based services, such as Facebook, Gmail, corporate SSL VPN, Outlook Web Access, etc, to gain remote access to corporate networks," the blog post said.

Facebook told BBC on Thursday that it is looking into the issue.

The blog post also pointed out that with the recent ZeuS Facebook worm and the latest Ramnit variant, it appears that proficient hackers are not experimenting with replacing the "old-school" e-mail worms with more updated social network worms.

"As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands," Securlert stated.

The security firm noted that Ramnit was first discovered by the Microsoft Malware Protection Center (MMPC) in April 2010. The MMPC described the worm as a "multi-component malware family which infects Windows executiable as well as HTML files" and "stealing sensitive informations such as stored FTP credentials and browser cookies". 

In July last year, a separate Symantec report predicted that Ramnit variants had accounted for 17.3 percent of all new malicious software infections.

Another security vendor Trusteer subsequently reported in August 2011 that Ramnit had gone "financial" after the source code of another malware, ZeuS, was leaked. It was suspected that the hackers behind Ramnit then fused the two viruses together, enabling Ramnit to bypass two-factor authentication and transaction signing systems, gain remote access to financial instituions, compromise online banking sessions and penetrate several corporate networks, the blog post noted.

Seculert also said that 800,000 machines had been infected with Ramnit from September to end-December last year.