The cybercriminals behind the notorious Ramnit malware may have succeeded in stealing more than 45,000 Facebook credentials, but a spokesperson with the social network said many of those account credentials were invalid.
"We have initiated remedial steps for all affected users to make certain the protection in their accounts," the Facebook spokesperson said in an email. "Thus far, we haven't seen the virus propagating on Facebook itself, but have begun working with our external partners so as to add protections to our antivirus systems to assist users in securing their devices."
Researchers keeping close watch on the Ramnit worm, which is responsible for targeting financial institutions globally, discovered a cache of Facebook credentials and alerted the social network to the growing threat earlier this month. The files containing the credentials had no active timestamps, yielding no clues as to how long the information had been sitting on the rogue server, said Aviv Raff, CTO of Israel-based security threat services firm Seculert.
"It's still active in that we're still seeing the file being updated in real time," Raff said.
The Facebook accounts were mainly from users in the U.K. and France. Raff said it's likely that the cybercriminals are conducting attack campaigns aimed at gaining access to bank accounts in those countries. Along with Facebook credentials, the server contained banking usernames and passwords, according to Raff. He declined to say how many stolen banking credentials were discovered.
Facebook, which boasts 800 million active users, has a mix of security technology and an active security response team to detect anomalous account activity that could signal a fast-moving threat on its network. When an account is flagged, the social network alerts affected users and will temporarily lock out an account until the user takes remedial action. The company also partnered with McAfee in 2010 to enhance its account remediation processes.
About 1 million infected machines make up the Ramnit botnet. The malware, which started off stealing FTP credentials, was converted into a financial threat last year when the Zeus and SpyEye source code became public. Raff said the most recent variant adds the social networking feature in an attempt to spread the worm and grow the botnet. The Koobface worm started spreading on Facebook and then spread to Twitter and LinkedIn accounts, so researchers can't rule out that the Ramnit authors will target other social networks.