How much of a problem has Ramnit malware caused for your company?

ablake

I haven't seen any examples of Ramnit, the malware that is the current Facebook spread virus/worm, infecting our machines, but given the number of people who use Facebook and the number of those who are shockingly careless, I assume it is a matter of time. How much of a serious threat has Ramnit proved to be so far?

Topic: Security
Answer this Question

Answers

1 total
jimlynch
Vote Up (20)

I'm on Macs and Linux, so I haven't had a problem with it yet. It seems to be hitting WIndows users though. Here's a background article on it for those who might not be aware of it. It certainly seems like something to be avoided if it all possible.

Part virus, part botnet, spreading fast: Ramnit moves past Facebook passwords
http://arstechnica.com/business/news/2012/01/part-virus-part-botnet-spre...

"First sighted by researchers in 2010 in its initial form, Ramnit spreads by attaching itself to Windows executable files (.EXE. .SCR and .DLL files) as well as to HTML documents. In some variants spotted earlier this year by Microsoft researchers, it also attached itself to Microsoft Office documents. Versions have also been spotted that install themselves onto USB drives when they're connected, and create an Autorun script that launches the virus' installer when the drive is plugged into another PC.

Ramnit infections exploded in the summer of 2011. According to a report from Symantec, Ramnit accounted for over 17 percent of the malware blocked by the company's antivirus software in July. Researchers at the security firm Seculert found through the installation of a "sinkhole" that between September and December of 2011, over 800,000 individual Windows PCs were infected with the virus and reporting back to a command and control network.

However it arrives on a victim's PC, the virus runs an installer that unpacks Ramnit's payload on the system, changing Windows' registry file to automatically launch the malware at startup. Ramnit uses a hidden browser instance to create a communications link, establishing a connection to a hacker's command and control network. It can then load modules that inject JavaScript and HTML into web browser sessions on the infected machine—a capability borrowed from the Zeus botnet, Klein told us.

Ask a question

Join Now or Sign In to ask a question.
Hosting provider Namecheap said Monday hackers compromised some of its users' accounts, likely using a recently disclosed list of 1.2 billion usernames and passwords compiled by Russian hackers.
While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found his own credit card number buried in its systems, a major worry.
Attackers deploy Web-based reconnaissance tool to gather information about potential targets in different industries
Europol launched a cybercrime task force Monday to fight online crime in the EU and other countries.
A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than US$1 million, researchers found.
Former U.S. Secretary of State Hillary Clinton called for a "global compact" on surveillance and the use of collected data, saying the U.S. isn't the only country that does it and American technology companies are unfairly targeted for the government's actions.
Electric carmaker Tesla Motors wants security researchers to hack its vehicles. The Silicon Valley based high-tech carmaker will hire up to 30 full-time hackers whose job will be to find and close vulnerabilities in the sophisticated firmware that controls its cars.
Two recent vulnerabilities are examples of problems that could have been avoided if we had just applied the lessons already learned in similar contexts.
Windows XP users may now download a fourth service pack for the 13-year-old operating system, but it isn't coming from Microsoft.
The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+