The activity of the new version of the Ramnit worm on social networks was noted
Analysts company Seculert published their observations on the activity of the new version of Ramnit worm, which has previously been repeatedly seen as a tool to commit fraud related to financial transactions on the Internet.
The first activity of Ramnit was discovered by experts back in 2010, when it, when it infected Windows executable files, when the latter were launched on the victim’s computer, it could spread, infecting HTML, DLL, DOC, XLS and SCR files at the same time. The malware control servers, as defined by Symantec, are located in Germany, and a characteristic feature of Ramnit was that it connected to its “host” using HTTPS.
In May 2011, at one of the hacker forums, the source code of the infamous Trojan was publishedZeus , which, in all likelihood, did not fail to take advantage of the author (s) Ramnit. Studies of several anti-virus companies at once showed that the “malware” acquired a new functionality inherited from Zeus, namely the ability to integrate into the browser and modify the contents of the target web page.
As a result, being able to bypass the two-factor authentication mechanism and transaction signing systems, Ramnet infected about 800,000 computers from September to December last year, most of which were ordinary users. Now, the worm has received new functionality that helps it spread thanks to the ubiquitous popularity of social networks: Ramnit is able to steal logins and passwords to Facebook, thus compromising the user's account so that his friends receive a malicious link, clicking on which contributes to the further spread of the worm.
Seculert experts have already discovered the theft of about 45,000 passwords for the social network, mainly in England and France, which, of course, looks insignificant on the scale of the network itself. Nevertheless, the very fact of a new way of spreading a dangerous worm, threatening financial losses for users, makes us once again think about its security, especially in such a "densely populated" place as the most popular social network in the world.
[ Source ]
The first activity of Ramnit was discovered by experts back in 2010, when it, when it infected Windows executable files, when the latter were launched on the victim’s computer, it could spread, infecting HTML, DLL, DOC, XLS and SCR files at the same time. The malware control servers, as defined by Symantec, are located in Germany, and a characteristic feature of Ramnit was that it connected to its “host” using HTTPS.
In May 2011, at one of the hacker forums, the source code of the infamous Trojan was publishedZeus , which, in all likelihood, did not fail to take advantage of the author (s) Ramnit. Studies of several anti-virus companies at once showed that the “malware” acquired a new functionality inherited from Zeus, namely the ability to integrate into the browser and modify the contents of the target web page.
As a result, being able to bypass the two-factor authentication mechanism and transaction signing systems, Ramnet infected about 800,000 computers from September to December last year, most of which were ordinary users. Now, the worm has received new functionality that helps it spread thanks to the ubiquitous popularity of social networks: Ramnit is able to steal logins and passwords to Facebook, thus compromising the user's account so that his friends receive a malicious link, clicking on which contributes to the further spread of the worm.
Seculert experts have already discovered the theft of about 45,000 passwords for the social network, mainly in England and France, which, of course, looks insignificant on the scale of the network itself. Nevertheless, the very fact of a new way of spreading a dangerous worm, threatening financial losses for users, makes us once again think about its security, especially in such a "densely populated" place as the most popular social network in the world.
[ Source ]