Security researchers have revealed that a bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site. The worm, called Ramnit, originally discovered in April 2010 by the Microsoft Malware Protection Center (MMPC), is “a multi-component malware family which infects Windows executable as well as HTML files, stealing sensitive information such as stored FTP credentials and browser cookies”.
In August 2011, Trusteer reported that Ramnit went ‘financial’. Following the leakage of the ZeuS source code in May, it has been suggested that the hackers behind Ramnit merged several financial-fraud spreading capabilities to create a “Hybrid creature” which was empowered by both the scale of the Ramnit infection and the ZeuS financial data-sniffing capabilities. This synergy has enabled Ramnit to bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks. With the use of a sinkhole, Seculert discovered that approximately 800,000 machines were infected with Ramnit from September to the end of December 2011.
Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and associated email addresses. Experts from Seculert, who found the controller node, have supplied Facebook with a list of all the stolen credentials found on the server. Most of the victims are from either the UK or France.
“The cyber-criminals are also taking advantage of the fact that people usually use the same passwords for different web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks,” Seculert said.
This highlights the need for unique passwords for each web-based service you use. My advice is to use the same password root, for example smith123, then add on a 5-character combination which describes the web service you are using. For example, for Facebook, smith123fbook; for Twitter, smith123itter, etc.