Onyx Myanmar Just another Onyx Myanmar Weblog

Worm steals more than 45,000 Facebook login

Nigh of those struck by the worm--called Ramnit--are from France and the United Kingdom, granting to a bulletin issued by security researchers at Securlet. It is open of infecting Windows executables, Microsoft Office, and HTML files, granting to McAfee.

"We suspect that the attackers behind Ramnit are employing the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's ranch even further," Securlet pronounced in its bulletin. "In addition, cybercriminals are taking advantage of the fact that users tend to exercise the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

The worm was first discovered in April 2010 stealing sensitive information such as stored FTP credentials and browser cookies. In August 2011, later malware developers borrowed generator code from the Zeus botnet, Ramnit "went financial." With that added strength, Ramnit was able to "gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks." Approximately 800,000 machines were infected between September 2011 and the close of the year.

The security researcher has notified Facebook and provided the social-networking giant with completely the stolen credentials found on Ramnit's server.