'Ramnit' worm hijacks 45,000 Facebook logins

A nasty piece of malware is siphoning usernames and passwords from Facebook accounts, mostly in the U.K. and France.
Written by Ryan Naraine, Contributor

A nasty worm slithering through Facebook has successfully pilfered more than 45,000 usernames and passwords from users of the world's most popular social network.

Most of the Facebook victims are the the U.K. and France, according to researchers at Seculert.

The worm, called Ramnit, was first discovered around 2010 stealing FTP credentials and browser cookies from infected machines.

In 2011, the worm started hijacking financial data and by the end of the year, had been found on about 800,000 Windows computers.

Now, Seculert has discovered a new target -- Facebook usernames and passwords.

Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook command-and-control URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.

We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.

The company has notified Facebook of the attack and provides the company with all the stolen credentials found on the worm's command-and-control server.

Editorial standards