Worm steals more than 45,000 Facebook logins

Malware makes off with the usernames and passwords of more than 45,000 users of the social network, mostly in France and the United Kingdom.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil

A nasty bit of malware making the rounds on Facebook has reportedly made off with the usernames and passwords of more than 45,000 users.

Most of those affected by the worm--called Ramnit--are from France and the United Kingdom, according to a bulletin issued by security researchers at Seculert. It is capable of infecting Windows executables, Microsoft Office, and HTML files, according to McAfee.

"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," Securlet said in its bulletin. "In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

The worm was first discovered in April 2010 stealing sensitive information such as stored FTP credentials and browser cookies. In August 2011, after malware developers borrowed source code from the Zeus botnet, Ramnit "went financial." With that added strength, Ramnit was able to "gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks." Approximately 800,000 machines were infected between September 2011 and the end of the year.

The security researcher has notified Facebook and provided the social-networking giant with all the stolen credentials found on Ramnit's server.