Example: [Collected via e-mail, January 2012]
Comment: Malware Worm Spreading on Facebook — 45,000 Passwords Stolen So Far
Seculert issued a warning today that the Ramnit worm, which has traditionally targeted financial login credentials, is now targeting Facebook users. At the time of the release, 45,000 login credentials had been stolen with most of those from users residing in the UK and France. Ramnit is known to attack windows executable files (files ending with exe), MS Office files and HTML documents. The worm’s goal is to steal sensitive data such as user names, passwords, FTP credentials and browser cookies.
Origins: As PC Magazine reported on 5 January 2012:
In a statement, Facebook said the majority of the login credentials were outdated, but it was still notifying the affected users.
The worm, known as Ramnit, dates back to April 2010, and is described as a multi-component malware family that infects Windows executable and HTML files, stealing sensitive info like stored FTP credentials and browser cookies, Seculert said.
A July 2011 report from Symantec said Ramnit was responsible for 17.3 percent of all new malicious software infections.
We suspect that the attackers behind Ramnit are using the stolen credentials to
With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands.