Ramnit Worm Goes Social, Steals 45,000 Facebook Passwords

Posted 01/06/2012 at 7:06am | by Paul Lilly

2

Comments

Print

Have you changed your Facebook password lately? Perhaps you should do it again. Cybercriminals have taught an old worm some new tricks, pointed it towards the world's largest social network, and slapped it on the backside. It didn't take long for this particular variant of Ramnit to rummage through Facebook and steal over 45,000 usernames and passwords around the globe.

A little back history is in order. The Ramnit worm dates back to April 2010 when it was used to steal things like stored FTP credentials and browser cookies, and by July 2011, Symantec figured the worm and its variants accounted for over 17 percent of all new malicious software infections. A month later it morphed into financial malware, helped in part by the Zeus botnet source code leaking to the Web.

Now Ramnit is playing on social playgrounds, affecting mostly U.K. and France residents where most of the 45,000 login credentials were swiped from, according to Seculert.

"We suspect that the attackers behind Ramnit are using the stolen credentials to log into victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Securlert said in a blog post. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

This might be only the beginning of more to come. Securlert warns that the practice of taking old email worms and updating them with social tools could become a trend.