Claim: The Ramnit worm has been stealing Facebook credentials.
Example: [Collected via e-mail, January 2012]
Comment: Malware Worm Spreading on Facebook — 45,000 Passwords Stolen So Far
Seculert issued a warning today that the Ramnit worm, which has traditionally targeted financial login credentials, is now targeting Facebook users. At the time of the release, 45,000 login credentials had been stolen with most of those from users residing in the UK and France. Ramnit is known to attack Windows executable files (files ending with exe), MS Office files and HTML documents. The worm’s goal is to steal sensitive data such as user names, passwords, FTP credentials and browser cookies.
Origins: As PC Magazine reported on 5 January 2012:
A computer worm that has traditionally targeted the financial industry has set its sights on social networking, recently stealing over 45,000 Facebook login credentials, according to security firm Seculert.
In a statement, Facebook said the majority of the login credentials were outdated, but it was still notifying the affected users.
The worm, known as Ramnit, dates back to April 2010, and is described as a multi-component malware family that infects Windows executable and HTML files, stealing sensitive info like stored FTP credentials and browser cookies, Seculert said.
A July 2011 report from Symantec said Ramnit was responsible for 17.3 percent of all new malicious software infections.
Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France.
We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.
With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.