back to article Dammit Ramnit! Worm slurps 45,000 Facebook passwords

A bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site, security researchers have revealed. Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    If you're dumb enough to be on Facebook...

    ...then you deserve what you get.

    1. Anonymous Coward
      Anonymous Coward

      Re: If you're dumb enough to be on Facebook

      I take it you also think people with bank accounts get what they deserve.

      Never mind, now that we've got the obligatory smart arse comment out of the way maybe the rest of us can have an adult discussion on the issues raised.

    2. Anonymous Coward
      Anonymous Coward


      Is this the standard obnoxious post that has to be on every Facebook related article? I'm not a great fan of Facebook, but seeing this comment copied and pasted is somewhat tiresome.

    3. lasersage

      who's that under the bridge

      troll alert?

    4. Loyal Commenter Silver badge

      If you're dumb enough to post that comment...

      ...then YOU deserve what you get.

    5. Marty

      time to feed the troll

      why is it every time there is a news item that involves facebook, the inevitable "If you're dumb enough to be on Facebook..."

      Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.

      Facebook is no different to the rest of the internet, only post whatever your happy with the whole of the world seeing.. forget privacy settings... assume they can be or are breached....

      1. Someone Else Silver badge

        Is it, now?


        Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.


        Oh, Really???

        I manage to keep in touch with my "less than perfect technical savvy relatives" via such time honored (but definitely un-whizzy) mechanisms as e-mail and that ol' stand-by, the telephone. Works...perfectly.

    6. Anonymous Coward
      Anonymous Coward

      Not 'being on', but 'using as' is the problem

      Being on Facebook? So now people are labelled dumb because of their hobby? (I know, I know; YHBT).

      No, there is a real but different problem to address here; people who use their Facebook credentials to authorize themselves on other websites. That is what I'd describe as something to seriously reconsider.

      Because while it may make it easier on you (one authorization to be used on dozens of websites) the risk factor also increases tremendously. Because if something ever goes awry with that single authorization you're not (temporarily?) losing access to one website, but many of them.

      Not to mention that this aspect is most likely also what makes it so appealing to try and get into ones social media account. Its not only the social media contents which is at risk here.

      Yet I get a feeling that most people don't even realize this hidden risk. Heck; how many of them would actually change their passwords on a regular basis (and I don't mean changing "p4ssw0rD2" into "p4ssw0rD3").

  2. Bryan Ansell

    Dumb enough?

    Like El Reg, you mean?

  3. Spiracle


    It's worth pointing out (as the article doesn't) that, although it spreads through FaceBook, Ramnit is a Windows-only worm.

    Users of other O/Ses shouldn't be complacent, of course.

    (Where's that Devil Bill icon gone?)

    1. Anonymous Coward
      Anonymous Coward

      Windows users deserve what they get

      I mean thats the security weakpoint in all this, not facebook which like many other things, can point to URLS.....

      1. Tchou

        The worm might rely on Windows, it does not mean it's a Windows security issue.

        A malicious program like a worm can be done on every OS.

  4. Tom Wood


    It would have been nice of you to mention *how* this thing harvests facebook passwords.

    I'm guessing it's some kind of Windows keylogger thing that won't affect someone who only uses Facebook on Linux and Android... but it might have been nice of you to mention such things.

  5. Aqua Marina

    is confused...

    ... how this bypasses 2 factor security. Does the keylogger carry an RSA key fob around with it? Surely it only captures the typed in password, and the 2 factor one that usually expires within a minute or so?

  6. ph3d

    Would be nice to find out how it passed 2 factor auth also.

    1. Pascal Monett Silver badge
      Thumb Down

      I'm sure the criminals that haven't yet mastered that particular functionality would love to get some pointers on that as well.

  7. kain preacher

    It's naive

    to say that it's only a windows problem. The fat that it can by pass two-factor authentication should have people worried . Either there is a glaring hole with RSA or that hack took more than they are saying it did .

    1. Charles 9 Silver badge

      Session hijacking.

      How do you get past a two-factor authorization? Simple. Wait until an action needing the second factor is given, then alter the details behind the scenes. The bank gets the request the malware wants and sends out the second factor request. Depending on the variant, either the user enters the second factor thinking it's for their action when it's really for the malware or a mobile extension of the malware (perhaps orchestrated by alterations made by the PC variant) snags the factor off your phone. Either way, the malware now has clearance to do its dirty work.

  8. Steven Jones


    There is surely no more word that suits the El-Reg headline style than "slurp". It's got that wonderful heady mix of being disrespectful, unsavoury, uncouth,monosyllabic, confrontational and making everybody feel ever so slightly queasy and unclean.

  9. Anonymous Coward
    Anonymous Coward

    What did you expect?

    I mean really, what do people on Facebook expect?

  10. Microphage

    Bank account-raiding Facebook worm?

    Facebook is mentioned eleven times, Twitter is mentioned once and Windows is mentioned no times.

  11. Anonymous Coward
    Anonymous Coward

    Great opportunity for Zuckerberg to show he cares about privacy...

    If Facebook were to convert all URLs posted on wall messages to ones that are first loaded and checked by Facebook then they would be able to intercept any that link to malware infected sites.

    Perhaps Facebook could team up with Google to share the processing and network load thereby doubling our security?

    1. MikeSM

      They actually have been doing this for a few months..

      however how many of your users actually read these warnings before obliviously clicking through?

  12. Pascal Monett Silver badge

    "More and more malware families have started using social networks to reach victims instead of spam"

    Good, maybe that'll lighten the load on my spam filter.

  13. Winkypop Silver badge

    Facebook users deserve.....

    ...oh, I see someone has already started that thread.

    [Goes back into FB proof cage....]

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022