Facebook boosts security after worm steals logins
By Tom Brewster,
Facebook has pledged to improve security after login information was purportedly stolen by a nasty piece of malware.
Researchers from Seculert claimed over 45,000 Facebook logins had been acquired by cyber criminals running the Ramnit worm.
Most of the logins were of users from the UK and France, Seculert said.
Thus far, we have not seen the virus propagating on Facebook itself.
Ramnit, previously believed to be a largely financially-focused malware family, is believed to have infected around 800,000 machines between September and December 2011.
"Our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials," a blog from Seculert read.
"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further. In addition, cyber criminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."
Having received the data from Seculert, Facebook said the majority of it was "out-of-date." Nevertheless, it has taken steps to alert affected users and improve security on the site.
"We have initiated remedial steps for all affected users to ensure the security of their accounts. Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices," a spokesperson told IT Pro.
"People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information."
Facebook has been quick to rebuff security scares before. In October last year, reports suggested a group calling themselves Team Swastika had stolen 10,000 account logins.
The social network quickly noted the details did not relate to any active accounts.
Later that month, Facebook rejected claims 600,000 accounts were being compromised every day.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
