Ramnit worm goes social; site says steps taken to improve security
Facebook has admitted the credentials of around 45,000 users has been compromised, but insisted that the majority of the stolen data was out of date.
Security firm Seculert revealed this week that a worm called Ramnit, which has actually been around since April 2010 but focused on banking details, has switched its attention to Facebook. According to Seculert’s blog the worm has stolen over 45,000 login credentials, mostly from users in the UK and France.
The company believes the stolen logins were being used to propagate the malware further. "We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further," the blog said.
However the company also warned of a potential risk to businesses, as many people use the same password for many different sites. "In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks," Seculert warned.
The company said it alerted Facebook to the security breach. Facebook released a statement to the BBC, saying they have taken steps to plug the hole.
"Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware. Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts," the statement said.
The statement added: "Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices. People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook."
The social network giant recommends the people join its Facebook Security page.