The worm appears to have collected 45,000 logins and passwords already, according to Seculert A pervasive worm has expanded its reach to now steal login and password details for Facebook users, warned security vendor Seculert, which found a server holding 45,000 login credentials.The worm, called Ramnit, infects Windows executables, Microsoft Office and HTML files, according to a profile published by Microsoft. It steals user names, passwords, browser cookies and can also function as a backdoor, allowing a hacker to do other malicious actions on an infected computer.Researchers from Seculert discovered a command-and-control server for the worm and found that it had harvested some 45,000 credentials from Facebook users, mostly in the U.K. and France, according to its blog.Aviv Raff, CTO and cofounder of Seculert, said Ramnit’s authors may be finding that attacking social networks is a more productive way to collect people’s sensitive data. “We see a growing trend of malware writers embedding social networks in the malware instead of sending the malware itself via email spam,” Raff said. “This is the same for Ramnit.”Once the Facebook login and password have been collected, it is suspected that the victim’s account is then accessed and a link is posted on their Facebook profile that leads to Ramnit, which will try and infect the computer. “We suspect that they use these credentials to continuously spread the Ramnit malware through Facebook,” Raff said.Another security vendor, Trusteer, noted last year that Ramnit appeared to have been modified in order to commit financial fraud, acquiring similar capabilities as the famous Zeus and SpyEye malicious software programs.Ramnit can inject HTML fields into a Web page and ask for information on a banking site that would not normally be asked, Trusteer noted in a blog post on Aug. 22.Seculert estimates that some 800,000 computers were infected with Ramnit between September through the end of December. A Symantec report from July 2011 put Ramnit as the most common piece of malware it blocked in June and July 2011.Ramnit’s mining of Facebook could yield passwords that people have re-used on other websites, a common mistake that gives hackers an easy in.“Many users use the same password for Facebook and other organization web services, such as SSL VPN or Outlook Web Access,” Raff said. “The attackers may use this to gain remote access to corporate networks. Same goes for their online bank account.” Send news tips and comments to jeremy_kirk@idg.com Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe