Yesterday we reported that the squiggly little beast Ramnit stole 45,000 logins and passwords, but Facebook has confirmed that those came from mostly “invalid” accounts.
“Last week we received from external security researchers a set of user credentials that had been harvested by a piece of malware,” a Facebook spokesperson told us. “Our security experts have reviewed the data, and while the majority of the information was out-of-date, we have initiated remedial steps for all affected users to ensure the security of their accounts.”
But what exactly does “invalid” mean? According to Facebook, it might include an email not associated with a Facebook account, an invalid password or an old/expired password.
The world’s largest social network was pretty lucky that Ramnit didn’t hit up active accounts in Brazil, where the user base grew by nearly 300% or in Japan, which experienced 254% growth over the past year.
Microsoft first discovered the Ramnit worm nearly two years ago in April 2010. If accidentally downloaded, it infects Windows executable files, Microsoft Office files and HTML files. It can also spread to removable drives, stealing FTP credentials and browser cookies. In August 2011, Ramnit transformed and began attacking financial websites. By January 2012, it started jacking social network accounts. Users who used the same password across multiple accounts were at the highest risk.
Users who accidentally downloaded the malware invited Ramnit onto their computer. Seculert found that a total of 800,000 machines were invaded by the worm between September-December 2011.
In November 2011, ZDNet reported on a similar worm, which enticed users into clicking on a photo of two blonde ladies. If clicked, the malware would burrow into the user’s computer and attempt to steal banking information.
