The Tech Herald

Financial Malware now targeting Facebook accounts

by Steve Ragan - Jan 6 2012, 08:00

Financial Malware now targeting Facebook accounts. (IMG:J.Anderson)

Malware, which was discovered in 2010 and used to target financial data, has been reengineered to target Facebook, according to researchers from Seculert. So far, a single list of 45,000 credentials - primarily from France and the U.K. - is the only proof of the new modification.

The Malware in question, Ramnit, is described by Microsoft as a “multi-component malware family which infects Windows executable as well as HTML files.”

Security firm Trusteer concluded that Ramnit started targeting finances shortly after the source code for the Zeus family of Malware was leaked to the web.

In addition, Trusteer said that Ramnit’s developers merged several financially-based attack vectors to create a hybrid family of Malware; capable of bypassing additional layers of security such two-factor authentication.

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further,” Seculert said.

Expanding on that, Michael Sutton, VP of Security Research at Zscaler, added, 'Ramnit is a reflection of a shift that has been ongoing in the malware domain for some time.”

“Ramnit was not initially designed to harvest Facebook credentials, but the Ramnit maintainers have recognized the value of Facebook accounts for propagation. Whereas email can be easily spoofed and is therefore more likely to be ignored, receiving communication from a trusted contact on Facebook will have much higher click-through rates. Victims are simply not aware that the 'trusted' Facebook account, from which the communication was received, may itself have already been compromised...”

Seculert said they provided Facebook with a complete list of compromised accounts. They noted that the tendency to recycle password could play a role in using the harvested Facebook credentials to access VPN services, email, and various other accounts online.

At its peak, Ramnit was able to compromise some 800,000 systems in the final quarter of 2011.

Around the Web

Comment on this Story

comments powered by Disqus
Security
Index
News
 
Features
Reviews

From Autosaur.com

World’s first flat-pack truck the OX could help Africa

A flat-pack truck which can be put together by anyone in just half a day has been invented to help people living in remote places in Africa and other parts of the developing world. The OX is shipped in pieces but can be assembled with just three people in 11.5hours — and they need no [...]

The post World’s first flat-pack truck the OX could help Africa appeared first on Autosaur.

Nissan 370Z Nismo to rock the Gumball 3000 rally

The Nissan 370Z Nismo will be one of the cars in the 2013 Gumball 3000 rally where  — as the guys from TV show Jackass put it — “filthy stinking rich” people drive super-expensive cars 3,000 miles through 13 countries across Europe. The car, above, will be driven by a team from publishing and production [...]

The post Nissan 370Z Nismo to rock the Gumball 3000 rally appeared first on Autosaur.

#MyTurnToJag and Playboy: How Jaguar targets men

Jaguar has launched a new Twitter campaign called #MyTurnToJag to advertise its new F-Type — as well as teaming up with men’s magazine PLAYBOY. The #MyTurnToJag competition gives members of the public the chance to drive one of their new sports cars. And it comes after the firm helped announce Raquel Pomplun, left, as Playboy’s Playmate of [...]

The post #MyTurnToJag and Playboy: How Jaguar targets men appeared first on Autosaur.