A famous worm called Ramnit worm has been actively found in the facebook environment. It is reported by Symantec that this worm is responsible for the theft of more than 45k facebook passwords.
"We suspect that they use the Facebook logins to post on a victim's friends' wall links to malicious websites which download Ramnit," he added.Ramnit started as a file infector worm which steals FTP credentials and browser cookies, then added some financial-stealing capabilities, and now recently added Facebook worm capabilities.According to Cyberthreat management site Seculert, most of the stolen credentials were from US, UK and France, Furthermore they have added that over the of these stolen logins were invalid and many of them have reacted correctly by changing their username and passwords.
Ramnit first appeared in April 2010. By last July variants of the malware accounted for 17.3 per cent of all new malicious software infections, according to Symantec. A month later Trusteer reported that flavours of Ramnit were packing sophisticated banking login credential snaffling capabilities - technologies culled from the leak of the source code of the notorious ZeuS cybercrime toolkit at around the same time.
The new Ramnit configuration was able to bypass two-factor authentication and transaction-signing systems used by financial institutions to protect online banking sessions. The same technology might also be used to bypass two-factor authentication mechanisms in order to gain remote access to corporate networks, Seculert warns.We suspect that the attackers behind Ramnit are using the stolen credentials to expand the malware’s reach," Seculert concludes, adding that capturing the login credentials of Facebook accounts creates a means to attack more sensitive accounts that happen to use the same email address and password combination. "The cyber-criminals are also taking advantage of the fact that people usually use the same passwords for different web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.
HOW TO PROTECT :- 1. Never click on strange links and report any suspicious activity you encounter on Facebook.
2. Update your Antivirus
0 comments:
Post a Comment