The Ramnit worm, which has morphed into dangerous financial malware, is also stealing credentials from Facebook users, according to new research published Thursday.
"Ramnit has already infected over 800,000 infected machines worldwide, and it has only begun to steal Facebook login credentials so, I suppose it is just an issue of time until the choice of will grow."
Aviv Raff, founder and CTO, Seculert
Researchers at Israeli security firm Seculert have discovered a cache of Facebook login credentials stolen by the cybercriminals in control of Ramnit. The accounts were mainly from Facebook users in the UK and France.
The company said a new Ramnit variant was behind the Facebook credential theft. Aviv Raff, founder and CTO of Seculert, said Ramnit is a major threat to enterprises because attackers could use the account credentials to try to access corporate networks, since end users commonly use the same credentials for multiple accounts.
"Ramnit has already infected over 800,000 infected machines worldwide, and it has only begun to steal Facebook login credentials so, I suppose it is only a question of time until the number of will grow," Raff said in an email message.
Raff said his research team suspects Ramnit is being controlled by a particular group of cybercriminals because the malware is not being sold in underground forums. Members of the group likely specialise in different nation-states, sending different variants of the Ramnit malware, he said.
In addition, the cybercriminals controlling Ramnit can quickly spread it using the stolen credentials.
"We suspect that the attackers behind Ramnit are using the stolen credentials to log in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," the company said in its analysis.
Ramnit was at one time deemed a low-level concern by most security experts. It initially used an older generation of malicious techniques to infect Microsoft Windows executable files. Ramnit morphed last summer into a more powerful piece of malware when its owners used freely available Zeus source code to make it more effective. The malware commonly steals saved FTP credentials and browser cookies.
In August 2011, Boston-based security vendor Trusteer issued research into Ramnit, indicating that new variants using the Zeus code support man-in-the-browser attacks, enabling cybercriminals to bypass two-factor authentication, modify Web sites and covertly insert banking transactions.
"Ramnit's authors followed the everyday approach of malicious financial activities, supporting all basic features required for well-bred financial malware," Trusteer said.