A new variant of the Ramnit worm has managed to steal log-in credentials for several thousand Facebook accounts, most of which were from the United Kingdom and France, according to researchers at Seculert. Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and associated email addresses.
Discovered in April 2010, the Microsoft Malware Protection Center (MMPC) described Ramnit as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report [PDF] estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.
Trusteer previously reported in August of last year Ramnit gained the ability to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.” Seculert, using Sinkhole, found that 800,000 machines had been infected with the worm in the last quarter of 2011.
It was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France. In a statement, Facebook said it was applying security measures to contain the problem.
“Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware. Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts. Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices. People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information.”
566823 563269Id always want to be update on new weblog posts on this internet website , bookmarked ! . 793402
606564 687026As I website owner I conceive the content material material here is rattling exceptional , thanks for your efforts. 66259
689559 391346The article posted was extremely informative and useful. You folks are performing an excellent job. Keep going. 859806
561944 112535This is a excellent blog. Maintain up all the work. I too really like to blog. This really is fantastic everyone sharing opinions 32928
713041 819872This really is often a fantastic blog, could you be interested in working on an interview about just how you developed it? If so e-mail myself! 964823
30530 739283Hi. Thank you for making this site . I m working on betting online niche and have identified this website employing search on bing . Will probably be positive to look much more of your content . Gracias , see ya. :S 651592