Thieves Steal 45,000 Facebook Passwords Using Ramnit Malware

More than 45,000 passwords were stolen from Facebook account holders by thieves using Ramnit, a variant of malware that has been found in the networks of corporations and financial institutions, a security vendor reported Thursday.

Israel-based Seculert found the stolen passwords on a remote server and notified the social network, the world's largest with more than 800 million registered users. Most of the private data was taken from Facebook account holders in the United Kingdom and France.

The thieves used a variant of the Ramnit malware that was first discovered in April 2010, Seculert said.

The Microsoft Malware Protection Center describes Ramnit as a "family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files." In July 2011, Symantec reported that Ramnit worm variants accounted for more than 17 percent of malicious software blocked by security technology used to protect PCs attached to a corporate network.

On Facebook, the malware uses the stolen login credentials to enter accounts and spread itself through malicious links sent to the account holders' friends. The cybercriminals behind such attacks are taking advantage of the fact that many people use the same passwords for multiple Web services, such as Gmail, a corporate network or online banking service.

"It appears that sophisticated hackers are now experimenting with replacing the old-school e-mail worms with more up-to-date social network worms," Seculert said in its research lab blog.

Ramnit variants have been used to infiltrate the networks of corporations and financial institutions. "What was once malware designed to steal data from financial institutions has evolved into a social network threat," John Weinschenk, chief executive of security firm Cenzic, said in an e-mailed commentary.

Seculert found 800,000 computers infected with Ramnit variants from September to the end of December last year.