What do you do with a worm used for financial fraud when that gig starts to feel a little stale? You use it to steal Facebook logins and spam malware.
That’s what has happened in the case of Ramnit, a malicious worm that has been spreading via executable and HTML files since April of 2010 (yes, almost two years ago). Security firm Seculert recently noticed that it has begun to target Facebook users, stealing their login credentials. Most of the users targeted so far live in the United Kingdom and France.
While it’s impossible to know exactly why these logins were stolen, it’s fairly easy to guess. Compromised Facebook logins are an excellent way to spread malware or conduct phishing attacks. A simple wall post with a shortened URL can easily direct the friends of a compromised account to malicious websites. This can allow malware to spread or trick users into giving up personal information.
It’s also possible that victims with compromised accounts could have them used to grant access to other services. Many people use the same password for Facebook as they do for other sites including email and even online banking. In addition, most people list their employers on their profile, which opens up the possibility of attacks against governments and corporations.
Consider this a reminder that you shouldn’t use the same password for all your accounts. Also, it’s wise not to click through links on social networking sites without using a website or browser plugin that can reveal the link’s full URL, making it possible to verify that it goes where it claims.
Source: Ars Technica