How much of a problem has Ramnit malware caused for your company?

ablake

I haven't seen any examples of Ramnit, the malware that is the current Facebook spread virus/worm, infecting our machines, but given the number of people who use Facebook and the number of those who are shockingly careless, I assume it is a matter of time. How much of a serious threat has Ramnit proved to be so far?

Topic: Security

Answers

1 total
jimlynch
Vote Up (18)

I'm on Macs and Linux, so I haven't had a problem with it yet. It seems to be hitting Windows users though. Here's a background article on it for those who might not be aware of it. It certainly seems like something to be avoided if at all possible.

Part virus, part botnet, spreading fast: Ramnit moves past Facebook passwords
http://arstechnica.com/business/news/2012/01/part-virus-part-botnet-spre...

"First sighted by researchers in 2010 in its initial form, Ramnit spreads by attaching itself to Windows executable files (.EXE, .SCR and .DLL files) as well as to HTML documents. In some variants spotted earlier this year by Microsoft researchers, it also attached itself to Microsoft Office documents. Versions have also been spotted that install themselves onto USB drives when they're connected, and create an Autorun script that launches the virus' installer when the drive is plugged into another PC.

Ramnit infections exploded in the summer of 2011. According to a report from Symantec, Ramnit accounted for over 17 percent of the malware blocked by the company's antivirus software in July. Researchers at the security firm Seculert found through the installation of a "sinkhole" that between September and December of 2011, over 800,000 individual Windows PCs were infected with the virus and reporting back to a command and control network.

However it arrives on a victim's PC, the virus runs an installer that unpacks Ramnit's payload on the system, changing Windows' registry file to automatically launch the malware at startup. Ramnit uses a hidden browser instance to create a communications link, establishing a connection to a hacker's command and control network. It can then load modules that inject JavaScript and HTML into web browser sessions on the infected machine—a capability borrowed from the Zeus botnet, Klein told us."
