Feeds

back to article Dammit Ramnit! Worm slurps 45,000 Facebook passwords

A bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site, security researchers have revealed. Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

If you're dumb enough to be on Facebook...

...then you deserve what you get.

10
27
Silver badge

Re: If you're dumb enough to be on Facebook

I take it you also think people with bank accounts get what they deserve.

Never mind, now that we've got the obligatory smart arse comment out of the way maybe the rest of us can have an adult discussion on the issues raised.

22
7
Anonymous Coward

Again?

Is this the standard obnoxious post that has to be on every Facebook related article? I'm not a great fan of Facebook, but seeing this comment copied and pasted is somewhat tiresome.

7
0
Trollface

who's that under the bridge

troll alert?

1
0
Silver badge

If you're dumb enough to post that comment...

...then YOU deserve what you get.

2
0
Trollface

time to feed the troll

why is it every time there is a news item that involves facebook, the inevitable "If you're dumb enough to be on Facebook..."

Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.

Facebook is no different to the rest of the internet, only post whatever your happy with the whole of the world seeing.. forget privacy settings... assume they can be or are breached....

2
1
Silver badge
FAIL

Is it, now?

<quote>

Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.

</quote>

Oh, Really???

I manage to keep in touch with my "less than perfect technical savvy relatives" via such time honored (but definitely un-whizzy) mechanisms as e-mail and that ol' stand-by, the telephone. Works...perfectly.

0
3
Silver badge

Not 'being on', but 'using as' is the problem

Being on Facebook? So now people are labelled dumb because of their hobby? (I know, I know; YHBT).

No, there is a real but different problem to address here; people who use their Facebook credentials to authorize themselves on other websites. That is what I'd describe as something to seriously reconsider.

Because while it may make it easier on you (one authorization to be used on dozens of websites) the risk factor also increases tremendously. Because if something ever goes awry with that single authorization you're not (temporarily?) losing access to one website, but many of them.

Not to mention that this aspect is most likely also what makes it so appealing to try and get into ones social media account. Its not only the social media contents which is at risk here.

Yet I get a feeling that most people don't even realize this hidden risk. Heck; how many of them would actually change their passwords on a regular basis (and I don't mean changing "p4ssw0rD2" into "p4ssw0rD3").

0
0
FAIL

Dumb enough?

Like El Reg, you mean?

http://www.facebook.com/VultureCentral

1
0

Win32/Ramnit

It's worth pointing out (as the article doesn't) that, although it spreads through FaceBook, Ramnit is a Windows-only worm.

Users of other O/Ses shouldn't be complacent, of course.

(Where's that Devil Bill icon gone?)

6
0
Anonymous Coward

Windows users deserve what they get

I mean thats the security weakpoint in all this, not facebook which like many other things, can point to URLS.....

5
4
Stop

The worm might rely on Windows, it does not mean it's a Windows security issue.

A malicious program like a worm can be done on every OS.

0
0

How?!

It would have been nice of you to mention *how* this thing harvests facebook passwords.

I'm guessing it's some kind of Windows keylogger thing that won't affect someone who only uses Facebook on Linux and Android... but it might have been nice of you to mention such things.

16
0
Happy

is confused...

... how this bypasses 2 factor security. Does the keylogger carry an RSA key fob around with it? Surely it only captures the typed in password, and the 2 factor one that usually expires within a minute or so?

3
0
WTF?

Would be nice to find out how it passed 2 factor auth also.

2
0
Silver badge
Thumb Down

I'm sure the criminals that haven't yet mastered that particular functionality would love to get some pointers on that as well.

0
0
Bronze badge

It's naive

to say that it's only a windows problem. The fat that it can by pass two-factor authentication should have people worried . Either there is a glaring hole with RSA or that hack took more than they are saying it did .

0
0
Silver badge

Session hijacking.

How do you get past a two-factor authorization? Simple. Wait until an action needing the second factor is given, then alter the details behind the scenes. The bank gets the request the malware wants and sends out the second factor request. Depending on the variant, either the user enters the second factor thinking it's for their action when it's really for the malware or a mobile extension of the malware (perhaps orchestrated by alterations made by the PC variant) snags the factor off your phone. Either way, the malware now has clearance to do its dirty work.

0
0
Bronze badge

Slurp

There is surely no more word that suits the El-Reg headline style than "slurp". It's got that wonderful heady mix of being disrespectful, unsavoury, uncouth,monosyllabic, confrontational and making everybody feel ever so slightly queasy and unclean.

2
0
Anonymous Coward

What did you expect?

I mean really, what do people on Facebook expect?

0
2
Windows

Bank account-raiding Facebook worm?

Facebook is mentioned eleven times, Twitter is mentioned once and Windows is mentioned no times.

0
0
Anonymous Coward

Great opportunity for Zuckerberg to show he cares about privacy...

If Facebook were to convert all URLs posted on wall messages to ones that are first loaded and checked by Facebook then they would be able to intercept any that link to malware infected sites.

Perhaps Facebook could team up with Google to share the processing and network load thereby doubling our security?

0
0

They actually have been doing this for a few months..

http://www.julianevansblog.com/2011/10/facebook-launches-anti-malware-url-scanning-service.html

however how many of your users actually read these warnings before obliviously clicking through?

0
0
Silver badge

"More and more malware families have started using social networks to reach victims instead of spam"

Good, maybe that'll lighten the load on my spam filter.

0
0
Silver badge
Trollface

Facebook users deserve.....

...oh, I see someone has already started that thread.

[Goes back into FB proof cage....]

0
0
This topic is closed for new posts.