Darknet – Hacking Tools, Hacker News & Cyber Security


Ramnit Worm Stealing Facebook Account Passwords, E-mail Address & Bank Details

January 5, 2012

Oh look, another Facebook worm – this one seems pretty nasty and as usual it’s going for Facebook access details and then diving into banking credentials if it can find them.

It’s mostly targeted at the UK though; worms of this type are usually geographically limited as they are targeting bank information – it’s better to go after a certain niche of users.

45,000 isn’t a huge number though, considering the latest stats say there are over 30 million Facebook users from the UK alone.

A bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site, security researchers have revealed.

Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and associated email addresses. Experts from Seculert, who found the controller node, have supplied Facebook with a list of all the stolen credentials found on the server. Most of the victims are from either the UK or France.

Ramnit differs from other worms, such as Koobface, that have used Facebook to spread because it relies on multiple infection techniques and has only recently extended onto social networks. Koobface, by contrast, only uses Facebook or Twitter to spread.

“Ramnit started as a file infector worm which steals FTP credentials and browser cookies, then added some financial-stealing capabilities, and now recently added Facebook worm capabilities,” Aviv Raff, CTO at Seculert, told El Reg.

“We suspect that they use the Facebook logins to post on a victim’s friends’ wall links to malicious websites which download Ramnit,” he added.

There was indeed Koobface some time back, but that was purely on Facebook – the danger with worms like Ramnit is that Facebook is only one of the vectors they are using to spread.

It’s a good job researchers got hold of one of the command and control nodes – or this could have gotten a whole lot messier. Facebook has been pretty good lately at blocking malicious strings and clamping down on worms as soon as they show up.

Ramnit first appeared in April 2010. By last July variants of the malware accounted for 17.3 per cent of all new malicious software infections, according to Symantec. A month later Trusteer reported that flavours of Ramnit were packing sophisticated banking login credential snaffling capabilities – technologies culled from the leak of the source code of the notorious ZeuS cybercrime toolkit at around the same time.

The new Ramnit configuration was able to bypass two-factor authentication and transaction-signing systems used by financial institutions to protect online banking sessions. The same technology might also be used to bypass two-factor authentication mechanisms in order to gain remote access to corporate networks, Seculert warns.

The move onto Facebook by the miscreants behind Ramnit seems designed primarily to expand the malware’s distribution network and infect more victims.

“We suspect that the attackers behind Ramnit are using the stolen credentials to expand the malware’s reach,” Seculert concludes, adding that capturing the login credentials of Facebook accounts creates a means to attack more sensitive accounts that happen to use the same email address and password combination.

“The cyber-criminals are also taking advantage of the fact that people usually use the same passwords for different web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks,” it said.

The Ramnit outbreak on Facebook follows the November outbreak of an earlier worm that tried to infect victims with a variant of ZeuS.

The scary part is that the latest version of Ramnit can bypass two-factor authentication! I’m not exactly sure how it does that, but it seems to have snagged a lot of features from the source code leak of ZeuS.

I would agree with the article though: people do tend to re-use passwords, they trust things shared on Facebook, and it’s a good platform to spread malware rapidly.

Source: The Register


Filed Under: Malware, Spammers & Scammers, Web Hacking Tagged With: facebook, facebook malware, facebook security, facebook worm, hacking-facebook, malware, viruses, worm


