Most of those affected by the worm--called Ramnit--are from France and the United Kingdom, according to a bulletin issued by security researchers at Securlet. It is capable of infecting Windows executables, Microsoft Office, and HTML files, according to McAfee.
"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Securlet said in its bulletin. "In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."
The worm was first discovered in April 2010 stealing sensitive information such as stored FTP credentials and browser cookies. In August 2011, after malware developers borrowed source code from the Zeus botnet, Ramnit "went financial." With that added strength, Ramnit was able to "gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks." Approximately 800,000 machines were infected between September 2011 and the end of the year.
The security researcher has notified Facebook and provided the social-networking giant with all the stolen credentials found on Ramnit's server.
Post a Comment