Worm Infects 45,000 Facebook Users, Then Goes After Their Friends

Most of the time when you click on a Facebook link that a friend has posted, you get something nice. An amusing photo of a man embarrassed by his decisions. A video of Maru jumping into a box. But, if your friend has been infected with the Ramnit worm, you'll end up losing something.

Security company Seculert had been tracking the Ramnit worm when it discovered that the little beast had jumped from committing financial fraud to stealing Facebook login credentials. Discovered in April of 2010, the worm is a multi-component piece of malware that infects Windows executables, Office files, and HTML files. Once it has infected them, it uses those files to steal authentication and transaction signing systems, according to Microsoft.

Seculert states in a blog post:

"We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

So far the worm's Facebook invasion seems to be mostly confined to the UK and France. Still, it's always a good idea to switch up your passwords regularly, not only on Facebook but on any system that requires you to log in. [Seculert via Ars Technica]