
Ramnit malware data out-of-date, social network says

Robert Westervelt, News Director

The cybercriminals behind the notorious Ramnit malware may have been successful in stealing more than 45,000 Facebook credentials, but a spokesperson with the social network said many of those account credentials were invalid.

“We have initiated remedial steps for all affected users to ensure the security of their accounts,” the Facebook spokesperson said in an email. “Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our antivirus systems to help users secure their devices.”

Researchers keeping close watch on the Ramnit worm, which is responsible for targeting financial institutions globally, discovered a cache of Facebook credentials and alerted the social network to the growing threat earlier this month. The files containing the credentials had no active timestamps, yielding no clues as to how long the data had been sitting on the rogue server, said Aviv Raff, CTO of Israel-based security threat services firm Seculert.

“It’s still active in that we’re still seeing the file being updated in real time,” Raff said.

The Facebook accounts were mainly from users in the U.K. and France. Raff said it is likely that the cybercriminals are conducting attack campaigns targeted to gain access to bank accounts in those countries. In addition to Facebook credentials, the server contained banking usernames and passwords, according to Raff. He declined to say how many stolen banking credentials were discovered.

Facebook, which boasts 800 million active users, has a mixture of security technology and an active security response team to detect anomalous account activity that could signal a fast-moving threat on its network. When an account is flagged, the social network alerts affected users and can temporarily lock out an account until the user takes remedial action. The company also partnered with McAfee in 2010 to improve its account remediation processes.

About 1 million infected machines make up the Ramnit botnet. The malware, which started out stealing FTP credentials, was converted into a financial threat last year when the Zeus and SpyEye source code became public. Raff said the latest variant adds the social networking feature in an attempt to spread the worm and grow the botnet. The Koobface worm started spreading on Facebook and then spread to Twitter and LinkedIn accounts, so researchers can’t rule out that the Ramnit authors will target other social networks.

