Good that I deactivated my account long ago.
They couldn't have gotten mine, could they?


Cnet news article

"A nasty bit of malware making the rounds on Facebook has reportedly made off with the usernames and passwords of more than 45,000 users.ore than 45,000 members' username n password.

Most of those affected by the worm--called Ramnit--are from France and the United Kingdom, according to a bulletin issued by security researchers at Seculert. It is capable of infecting Windows executables, Microsoft Office, and HTML files, according to McAfee.

The security researcher has notified Facebook and provided the social-networking giant with all the stolen credentials found on Ramnit's server."

Link to news article

So any of you using facebook should change password and email password that you get notifications from facebook.

Facebook has NOT been hacked.

What's happened is that:

If your PC has been infected with the Ramnit malware, it can modify webpages you see in your browser, so that it can collect your id and password for any site.

Changing your password won't help, if you're already infected. And it won't help if you're not infected, because you're not infected.

Make sure you have up-to-date anti-malware (anti-virus) and all the latest patches of your OS installed.

"Facebook has been hacked" would mean that the computers the Facebook use to host their service and run their business had been compromised. My understanding is that this is not the case.

Absolutely correct. This is a standard-issue worm (actually, an old worm recycled - it used to after bankng site credentials if I remember correctly) and has little to do with Facebook aside from scraping those credentials.

Ummmm....
Don't get me wrong. I'm not really an expert on IT things.

But

How the worm was first got onto facebook that stole user name and password via command control URL? I don't know what it mean by the way. i read it from other source.
Can anyone plants that without hacking or doing something to the webiste?

What I heard is that those people's contacts or friends who are affected by this worm, can also be infected. So it won't help these who are infected by worm by changing password but it will help their contacts from the worm if they change password. Maybe they are already infected... Umm...

And I also heard that they steal these credential info by reading cookie. I don't know what exactly mean again...

I have two web browsers. One I.E, the other Firefox. Firefox I have master password on by the way. Let's say I use daily surfing and so on using I.E and banking things using Firefox. Can they steal my bank ID or password if I click the link that has malicious little worm? My default web broser is IE.

Maybe it's dumm question for sb knows IT stuff well. But I don't know. But in blink of sense(?), I think they could.
Umm.. they can steal if cookie is saved in the same place. It is saved in the same place whether I use IE or Firefox.
Umm.. If the computer is infected by this worm then, they can anyway steal my info.

Anothe question, once I gather, I received email link from my friend via facebook before deactivation, the link was website. when I clicked the link it was blocked. Then, second email link was also blocked. But third email I was able to click. There was nothing. I shut it immediately though. In this case, can I be already infected? I think my friend account were compromised. i had my guard on though and always update every week.

Is there a way to check whether my computer is Zombie or not?
Once I did put some code on command window, it was ok. I forgot though as it was long ago.
Do anyone knows how to check?

[QUOTE=happyday;1450650]Ummmm....


Umm.. they can steal if cookie is saved in the same place. It is saved in the same place whether I use IE or Firefox.

I edit,

Umm... they can steal if cookie is saved in the same place. Is it saved in the same place whether I use IE or Firefox?

You can get infected by:

1. Having an machine without the latest operating system updates. If there is an unpatched vulnerability, then you can just end up with like a "fly-by" infection.

2. Downloading compromised software. This can be by clicking a link that downloads software/patches/fixes onto your computer, by downloading an attachment sent to you from a friend - or appearing to. Or downloading an attachment or following a spam link. Or visiting dodgy sites that ask you to install something.

Once infected, then the malware can start gathering information about the websites you visit, capture EVERYTHING you type etc. Just imagine that a criminal has got a camera focussed on your screen and keyboard and videoing everything you do. That's effectively what this nasty bit of malware does. It then sends the information to its master.

Note: once infected, the problem is on YOUR machine. Not any links, no websites. Using IE and Firefox in the way you do, though sensible, won't help. IF you have this or a similar virus.

To find if you own a zombie, get an antivirus scan disc from a clean source, boot up your PC from that, and scan.

Once infected, even if you have the latest antivirus software, these things can hide.

The trick is to NOT get infected in the first place, which isn't difficult if you follow simple rules.

1. Only install software that you decide to install.
2. Keep your antivirus software up to date
3. Keep your operating system up to date.

I've been on the net since 1996. I've had two infections in that time. One from allowing an unpatched machine to be connected to the net, once where one of my family was tricked into downloading software. That second was detected by my AV and didn't cause any trouble.

It depends on whether you store all your cookies in the same jar...

4. Make sure you visit the official website of whatever you want to visit and type in your login data/download from there.

Not relevant.

This particular piece of malware rewrites the screen it receives from the bonafide website you're connecting to and adds it's own bit in that retrieves your id and password. It's carried out on the infected PC, *not* the website.

What you're describing is how to avoid being phished.