45,000 stolen Facebook logins found

Ramnit virus variant harvested login credentials to a single server.

The ever-evolving Ramnit worm is back, and has harvested more than 45,000 Facebook login credentials primarily from users in the UK and France.

Seculert Research Lab discovered a command-and-control (C&C) server holding the pilfered data in an open directory called "Facebook," with a text file called "Facebook accounts".

Seculert CTO Aviv Raff said the file contained more than 45,000 unique Facebook usernames and passwords.

"We suspect that the attackers behind Ramnit are using the stolen credentials to expand the malware's reach," Seculert said.

The threat was first discovered in April 2010. Prior variants have infected Windows executable and HTML files, and have stolen stored data, including usernames, passwords, login credentials and browser cookies.

Previous strains also have functioned as a backdoor, enabling a cyber thief to gain control of an infected computer.

Last July, Symantec reported that Ramnit was the most-blocked malware, accounting for 17 percent of incidents.

A variant spread a month later that incorporated source code from the notorious Zeus trojan, rendering it a hybrid capable of stealing financial assets.

Seculert said the hybrid was able to "bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks."

Computers are infected through drive-by download attacks, which occur when users simply visit a malicious website and become infected without taking any action.

Machines also can be impacted if users click on rogue email links.

In the case of Facebook, once the attackers steal a user's login and password to the social networking site, they can access the victim's account to direct others to Ramnit.

Users should never click on suspicious links, even if posted by one of their friends on Facebook, Raff said. Also, they should not share passwords across online accounts.

Seculert provided Facebook with all of the stolen credentials it detected on the Ramnit C&C servers.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition