The worm went from infecting executable files to stealing Facebook accounts

Jan 5, 2012 15:20 GMT  ·  By

The malicious worm called Ramnit was discovered in April 2010 and it has been making rounds on the Internet ever since. If at first the worm was infecting HTML and executable files, its latest variant has been spotted by security researchers to target the Facebook accounts of users worldwide.

Seculert reports that over 45,000 individuals have already fallen victim to Ramnit’s latest operations, most of them being located in the UK and France.

In July 2011, Symantec reported that Ramnit was responsible for more than 17% of all malicious software infections and now it seems that the new variants are designed to target social media accounts.

Between September and the end of December 2011 around 800,000 devices were infected by the worm that at the time was programmed to go after financial institutions, banking sessions and corporate networks.

Since the new Ramnit’s command and control center is visible and accessible, experts are able to determine the precise number of Facebook victims it has made so far. It turns out that 69% are from the UK, 27% from France and the other 4% are distributed in other countries.

Most likely, the cybercriminals rely on Facebook accounts to spread their malicious scheme from one social media customer to the other.

As we’ve witnessed lately, social networking accounts can be highly valuable to crooks since they can utilized them to make their plots look more realistic. Victims are more likely to click on a link that’s coming from a friend than on one sent by a suspicious user.

Researchers conclude that hackers are currently experimenting with social network worms which are more efficient than the old email worms that have been seen until recently.

Seculert notified Facebook on the presence of the worm and also provided the list of stolen credentials they found on Ramnit’s servers.