A rampant worm by the name of Ramnit has stolen login and password information for 45,000 Facebook users, mostly in the UK and France. Prowling the 800-million-strong social network, the worm eats user names, passwords and browser cookies.
It also acts as a backdoor, meaning a hacker can attack any computer that has already been infected. According to the Microsoft Malware Protection Center, Ramnit infects Windows executables, Microsoft Office and HTML files. The Ramnit worm initially transformed into financial malware in August 2011, according to reports from Trusteer.
“What was once malware designed to steal data from financial institutions has evolved into a social network threat,” says John Weinschenk, CEO at Cybersecurity company Cenzic. “Bank account numbers and Facebook log-in credentials seem very different, but to hackers, they are equally as lucrative.”
The current composite Ramnit worm is like a Mogwai that has been hit with water, eaten food after midnight, stepped out into the sun and transformed it into a hyper-evil gremlin.
Once Ramnit joined forces with the leaked ZeuS source-code in May, the Seculert blog says it became a “Hybrid creature.” That is, it took on ZeuS’ financial-data investigative nature and gained access to financial institutions. As a result, it compromised online banking sessions and also attacked a few corporate networks. The Ramnit worm burrows through Facebook, spreading malware to the walls of thousands of innocent Facebook users.
“To combat these types of threats, consumers need to be vigilant about changing passwords often,” says Weinschenk. “Avoid clicking on unknown links, and alert their friends to a potential malicious link they might have posted.”
Facebook spam attacks like this are nothing new. A recent attack that was caused by a browser vulnerability filled users’ walls with photos of the Biebs in compromising sexual situations. Not long after, football-loving spammers nailed the Facebook community forum.
Users should keep an eye on their Facebook profiles as social network worms continue spreading.
Facebook says it blocks 200 million malicious actions per day, which include messages that send users to malware. Even still, Facebook spam is growing faster than its user base.