Worm steals 45,000 Facebook login credentials, infects victims' friends

[FunkY]

Worm steals 45,000 Facebook login credentials, infects victims' friends
By Jon Brodkin | Published about 23 hours ago

A worm previously used to commit financial fraud is now stealing Facebook login credentials, compromising at least 45,000 Facebook accounts with the goals of transmitting malicious links to victims' friends and gaining remote access to corporate networks.

The security company Seculert has been tracking the progress of Ramnit, a worm first discovered in April 2010, and described by Microsoft as "multi-component malware that infects Windows executable files, Microsoft Office files and HTML files" in order to steal "sensitive information such as saved FTP credentials and browser cookies." Ramnit has previously been used to "bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks," Seculert says.

Recently, Seculert set up a sinkhole and discovered that 800,000 machines were infected between September and December. Moreover, Seculert found that more than 45,000 Facebook login credentials, mostly in the UK and France, were stolen by a new variant of the worm.

"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Seculert said. "In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

Facebook fraud, of course, is nothing new. Facebook itself has acknowledged seeing 600,000 compromised logins each day, although that accounts for just 0.06 percent of the 1 billion daily Facebook logins each day.

Source
http://arstechnica.com/business/news...ms-friends.ars

[jj1two3]

I heard about this on the news this morning. Thanks FunkY.

[Bearcat]

Thanks for the heads up FunkY. I am on Facebook myself, but am very careful about security when I log on.

[Nick Vini]

Another thing that makes me to think that social networking is a particular kind of evil (only because of above and all other types of fraud, not itself).

[Ceyfer √]

Another thing that makes me to think that social networking is a particular kind of evil (only because of above and all other types of fraud, not itself).

Sounds you didn't really like Web 2.0? It's the future and it's evolving fast, but we can't really stop people from taking advantage of this technology, either for the good one or bad one.

Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.

What's interesting about this malware is not because it can attack Facebook ( which has 800 million ) users but rather it can wreak havoc on your wallet.