Facebook versus Ramnit Worm

January 6, 2012 | John P.

Security management firm Seculert reported that over 45,000 Facebook usernames and passwords have been stolen by the Ramnit worm, predominantly from members based in France (27%) and the United Kingdom (69%), with 4% affected from elsewhere. As of August 2011, Ramnit was used to target financial institutions. The Microsoft Malware Protection Center discovered Ramnit in April 2010 and described it as malware that infects Windows executable files, Microsoft Office files and HTML files. Ramnit can spread to removable drives and steal sensitive information such as saved browser cookies and FTP credentials. It can also allow access by a remote attacker.

Ramnit by country

Seculert discovered this new version of Ramnit by accessing the visible Ramnit Facebook C&C URL. The company also used a sinkhole to divert and analyze hostile internet traffic and concluded that approximately 800,000 computers were infected with Ramnit from September to December 2011. Computers can become infected by visiting malicious websites, in a manner referred to as drive-by downloads, and by clicking on questionable links within email messages.

Ramnit over time September to December 2011

Seculert provided Facebook with all of the stolen information that it found on the Ramnit servers. Facebook is informing the affected users, even though much of the information was out of date, and asking them to reset their passwords to reinforce the security of their accounts. Seculert theorized that the hackers would hijack the compromised Facebook accounts to spread malicious links to the victims' friends, who would presume the links were sent by the account owners rather than by strangers. Online users often reuse the same password for various services, which makes their other accounts vulnerable once one set of credentials is stolen.

Some IT writers expressed concern that compromised social networking and cloud computing-based accounts also place the security of internal corporate network accounts in jeopardy, through their links with the outside world over official and unofficial channels of communication.
