Facebook boosts security after worm steals logins


Facebook has pledged to improve security after login information was purportedly stolen by a nasty piece of malware.

Researchers from Seculert claimed over 45,000 Facebook logins had been acquired by cyber criminals running the Ramnit worm.

Most of the logins were of users from the UK and France, Seculert said.

Thus far, we have not seen the virus propagating on Facebook itself.

Ramnit, previously believed to be a largely financially-focused malware family, is believed to have infected around 800,000 machines between September and December 2011.

"Our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials," a blog from Seculert read.

"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cyber criminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."

Having received the data from Seculert, Facebook said the majority of it was "out-of-date." Nevertheless, it has taken steps to alert affected users and improve security on the site.

"We have initiated remedial steps for all affected users to ensure the security of their accounts. Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices," a spokesperson told IT Pro.

"People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information."

Facebook has been quick to rebuff security scares before. In October last year, reports suggested a group calling themselves Team Swastika had stolen 10,000 account logins.

The social network quickly noted the details did not relate to any active accounts.

Later that month, Facebook rejected claims 600,000 accounts were being compromised every day.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.