Worm Steals At Least 45,000 Facebook Logins


Next time you’re on Facebook and get a link from some friends, be careful: It might be part of a scam to snag your login info and hack into financial institutions.

Stories of Facebook accounts getting hacked aren’t all that uncommon, but this latest case is a doozy. A worm that was originally designed to compromise bank systems has been repurposed and is now stealing Facebook login credentials.

Security company Seculert has been actively keeping track of the worm Ramnit, which was originally discovered in April 2010. Microsoft, meanwhile, has explained that the worm is “a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.”

Basically, Ramnit is capable of bypassing two-factor authentication systems, which means it’s been able to gain remote access to financial institutions.

Seculert has discovered that approximately 800,000 machines were infected with Ramnit between September and December. On top of that, a variant of the worm has stolen the login information for over 45,000 Facebook accounts.

According to Seculert:

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.”

If your friends start sending out a bunch of links, be extra careful. Don’t let yourself wind up a part of this statistic.

Source: Seculert via Ars Technica
