If you happen to be on that Facebook website, you might want to be a little more careful about the links you click. A new worm is traversing the social networking service and is called Ramnit. The worm has already laid claim to the data of at least 45,000 Facebook users.
According to Seculert, which has been tracking the worm, Ramnit has mostly been focusing on users in the United Kingdom and France, but has been attacking accounts all over the world. Seculert believes the motive behind the stolen credentials may be to magnify the malware’s spread by sending links to the friends of compromised accounts.
The Microsoft Malware Protection Center (MMPC) defines the worm as a “multi-component malware family which infects Windows executable as well as HTML files.” Ramnit seems to be slumming in social media, as previous incarnations have shown the worm being capable of financial fraud.
Trusteer previously reported in August of last year Ramnit gained the ability to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.” Seculert, using Sinkhole, found that 800,000 machines had been infected with the worm in the last quarter of 2011.
Seculert has alerted Facebook to the stolen credentials, and PC Mag says that Facebook has acknowledged the problem in a statement. Apparently, the social networking service has notified those affected, but says the majority of the credentials were outdated. Although Facebook probably sees a good number of accounts compromised on a regular basis, Seculert believes the 45,000 compromised by the Ramnit variant is a sign of hackers becoming more sophisticated and are learning to use social networking’s viral power for bad. So watch what you click, and try not to use the same password for multiple services.