Facebook Speaks to IBTimes About 'Ramnit' Virus, Which Stole 45,000 Passwords

A virus has stolen user names and passwords from more than 45,000 Facebook users in the United Kingdom and France, with the intent to spread malware to users' friends.

The Ramnit worm was first discovered in April 2010 and was described by Microsoft as "a multi-component malware family which infects Windows executable as well as HTML files," and that it has been "stealing sensitive information such as stored FTP credentials and browser cookies."

In August 2011, Ramnit was discovered to have become 'financial', meaning it was targeting financial institutions, where it was able gain remote access to businesses, compromise online banking sessions and penetrate several corporate networks.

Security expert Seculert has raised now sounded the alarm that Ramnit is being used to steal Facebook users' email addresses and passwords, then logging into their accounts and sending damaging malware to their friends.

Seculert said in a blog post: "Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France."

Affected users are put into a 'security roadblock' by Facebook, where account activity is locked down until the user passes through the roadblock, where they must reset their password.

The security firms believes that Ramnit is also being used to access users' email accounts and other social networks, as many people tend to use the same email address and even password on many different websites and services.

"As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands," Seculert said, adding that it has forwarded everything it knows to Facebook.

UPDATE: A Facebook spokesperson has spoken to the International Business Times UK, and has said the following:

"Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware. Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts.

"Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices. People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook."