Remember meForgot password?
    Log in with Twitter

Ramnit worm infects Facebook, steals login credentials

By Leigh Goessl     Jan 8, 2012 in Internet
Security experts recently discovered a worm has been circulating through Facebook.
During examination, the researchers discovered the login credentials of over 45,000 Facebook users had been compromised.
The form of malware the researchers at Seculert found in their lab is a well-known form of infection that was discovered back in April 2010, however this appears to be the first time this worm has surfaced in a social network environment.
According to Seculert, over 45,000 usernames and passwords have been stolen globally by the Ramnit worm; primarily U.K. and France based users have been most affected by the exploit.
Researchers said, "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further."
The researchers also pointed out exploiters are likely banking on the assumption many people use the same password for several online accounts, especially ones that might be linked to corporate accounts where remote access can gain entry.
Seculert subsequently forwarded the list of accounts it discovered to Facebook.
The Ramnit worm was described by the Microsoft Malware Protection Center as "a multi-component malware family which infects Windows executable as well as HTML files," with an ability to steal stored information "such as stored FTP credentials and browser cookies." Additionally, the worm was noted to be able to act as a backdoor to allow intruder access.
In late summer 2011 it was noticed by security experts the worm was "transforming" into financial malware. Symantec said this worm was the most blocked one in July 2011 and variants of the Ramnit worm accounted for 17.3 percent of all malicious software blocked.
After this worm was exposed as having surfaced on the network, Facebook issued a statement, shared by many media outlets. The company said it was looking into the matter and had determined many of the login credentials were outdated.
ZDNet reported they asked Facebook via email for clarification on the "outdated" credentials and a Facebook spokesperson responded, "over half of these logins were either invalid or had old/expired passwords."
The ZDNet report pointed out that many afflicted accounts were of the "fake or throwaway" nature, and many users have likely changed their passwords since news of the worm surfaced. The report also noted social network giant responded quickly to the security issue after receiving the list, by checking all affected accounts in under 24 hours.
Over time social media has grown to become a goldmine for cybercriminals due to the vast amount of information streamed through the networks. With a massive network, such as Facebook, that has over 800 million members, there is high potential for a lucrative return for exploiters.
In this respect, it's perhaps not so surprising malware authors are customizing exploits to target social media, the payoff can be immense if even a small percentage of accounts are infiltrated.
It's a good idea to periodically change your passwords. Some experts recommend (and many employers require) a password change about every 90 days. Microsoft recommends 30-90 days.
More about Facebook, Worm, ramnit worm, ramnit, Malware