‘Ramnit’ malware targets Facebook, steals passwords
Users of the world’s largest social network are at risk of having their accounts compromised by a sophisticated form of malicious software, security firm Seculert warned Thursday.
Passwords belonging to more than 45,000 Facebook accounts were discovered on a command and control server controlled by a pervasive piece of malware called Ramnit. Known as a “worm” because of its ability to self-replicate, Ramnit was recently reported to have been adapted to target banking information.
“It seems, however, that this is not the last twist,” the Israeli company said in a blog post.
“Recently, our research lab identified a completely new ‘financial’ Ramnit variant aimed at stealing Facebook login credentials.”
Most of the victims so far appear to be in the United Kingdom and France, Seculert said, with the at- tacker’s objective being to log into their accounts and transmit malicious links to their friends. It is just one of several ways the worm propagates itself, as a recent Symantec Corp. report found variations of Ramnit were responsible for 17.3 per cent of all malware infections around the world.
Approximately 4 per cent of known Ramnit infections have hit users outside of the U.K. and France, though it is unknown whether any Canadians are among them.
“In addition, cyber criminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks,” the Seculert researchers said.
Social networks have grown increasingly attractive to hackers in recent years as member profiles represent a veritable treasure trove of personal data cyber criminals can use for monetary gain.