clock menu more-arrow no yes mobile

Filed under:

Ramnit malware steals 45,000 Facebook login credentials

New, 10 comments

Ramnit, a particularly nasty piece of malware, recently stole over 45,000 Facebook login credentials, mostly from users in France and the UK.

Facebook Security
Facebook Security

If you're a Facebook user in France or the UK, you might want to change your passwords. A nasty piece of malware known as Ramnit recently stole over 45,000 Facebook login credentials; 96 percent of which were from the UK or France. The worm was discovered back in April 2010 and has the capability of infecting Windows executables, Microsoft Office files, and HTML files. Seculert, an enterprise-focused internet security company, believes that Facebook accounts were targeted to use the logins to spread the Ramnit worm throughout the social network — there's also the added bonus of gathering passwords that might allow the virus into other web services, if the user happens to keep the same password across multiple accounts.

Facebook hasn't been the only target for Ramnit since it was discovered, either — Seculert notes that in the summer of 2011, Ramnit was able to "gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks." All told, the company saw some 800,000 machines infected between September 2011 and the end of the year. As for those compromised Facebook accounts, look at it this way — about 600,000 individual Facebook logins are compromised every day, according to Facebook's own infographic.

Update: Facebook clarified to ZDNet that "over half of these logins were either invalid or had old/expired passwords." The company has "initiated remedial steps for all affected users to ensure the security of their accounts" and "have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices."