Since it was first spotted in April of 2010, Seculert has been monitoring the evolution of the Ramnit worm, which has been described as “a multi-component malware family which infects Windows executable as well as HTML files” in order to steal “sensitive information such as stored FTP credentials and browser cookies.”
In fact, Ramnit was so successful in infecting computers that Symantec’s July 2011 Intelligence Report [PDF] estimated that variants of the Ramnit worm accounted for 17.3% of all new malicious software infections!
As if that didn’t make Ramnit scary enough, word hit in August of 2011 that malware authors had incorporated parts of the infamous Zeus malware into Ramnit, enabling the worm to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.”
Using a sinkhole, Seculert discovered that Ramnit had managed to infect 800,000 machines between September and December 2011.
However, with the New Year comes a new target: Facebook login credentials.
Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.
But why would crooks go from stealing financial data to social networking logins?!
The answer is quite simple: to post malicious links on Facebook to help spread Ramnit and to take advantage of the fact that folks have the tendency to use the same password across multiple websites!
It seems cybercriminals have taken notice of the fact that they can easily abuse Facebook’s viral sharing capabilities in order to spread malware - along with whatever other mayhem they choose to unleash.
It’s important that Facebook users – or computer users in general – protect themselves and their sensitive data by running antivirus software and doing their best to avoid malicious links, files, and/or programs.