The login details of more than 45,000 Facebook users have been stolen by the Ramnit worm, according to Seculert.
The cyber threat management firm's research lab identified a new variant of the worm, which was first discovered in April 2010. Originally, Ramnit infected Windows executable and HTML files to steal sensitive information. However, in August last year, it was reported the virus had transformed into a banking-based Trojan in a bid to commit financial fraud. Now, Ramnit has mutated once again and has turned its attention to usernames and passwords belonging to members of Facebook. Seculert said the majority of the victims were based in the UK and France.
"We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims' Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware's spread even further," the security firm said in a blog.
"In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks."
Seculert has reported the worm to Facebook, which says it has "initiated remedial steps for all affected users to ensure the security of their accounts".
"Thus far, we have not seen the virus propagating on Facebook itself, but have begun working with our external partners to add protections to our anti-virus systems to help users secure their devices," a spokesperson for the social network said.
"People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page for additional security information."