The infamous "Ramnit" computer worm has taken on a new life as a piece of financial malware, and it's currently spreading through Facebook and scooping up thousands of users' login credentials.
Researchers at the Israeli firm Seculert found a variant of Ramnit that has stolen more than 45,000 Facebook users' credentials, mostly United Kingdom and French users, and infected approximately 800,000 machines from September to December 2011.
Spreading through wall posts with links to rigged websites, the new Ramnit worm takes a page from the Zeus Trojan, stealing people's Facebook account information and using it to target their online banking details.
Ramnit can "bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks," Seculert wrote in a blog post today (Jan. 5).
Discovered in April 2010, Ramnit originally infected HTML and Windows executable files to steal browser cookies and stored FTP credentials. Last August, however, Seculert believes the hackers used portions of the leaked Zeus Trojan's source code to create a "hybrid creature" that could efficiently spread, and steal, on a large scale.
The hackers behind the reworked Ramnit Facebook worm have their sights set on more than just targets' banking credentials, Seculert said. The attackers, "are taking advantage of the fact that users tend to use the same password in various Web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."
This is as good a case as can be made for the dangers of multiple-use passwords, and the importance of choosing different passwords for all your online accounts and for making each one difficult to crack. For a guide on how best to create and remember secure passwords, click here.
Copyright 2011 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.