Protect Against Remote Access Delivered by the W32.Ramnit Worm With Symantec Ramnit Removal Tool
Posted by: Jon Ben-Mayor on 06/03/2015 08:29 AM
The W32.Ramnit Worm is a nasty little bug that spreads through removable drives, adding a back door, stealing passwords, and monitoring activities.
The threat is distributed through removable drives, infected files on public FTP servers, exploit kits served through malicious advertisements on legitimate websites or social media, and is also bundled with potentially unwanted applications.
To spread itself, the threat will infect EXE, DLL, HTM, and HTML files and make copies of itself on removable and fixed drives.
The primary function of this threat is to steal information from the compromised computer. It does this by downloading various modules that can perform the following tasks:
Steal cookies to hijack online sessions for banking and social media websites. The threat steals cookies from the compromised computer’s browsers, stores them in archive files, and sends them to the C&C server.
Steal login credentials for a large number of FTP clients.
Monitor a victim’s frequently visited websites, including online banking websites. When the threat recognizes that a victim is on a specific site, it will act as a man-in-the-browser (MITB) and inject code into the web page. It will then request that the user submit sensitive information that is not normally submitted to a bank during login. The attacker can then use this information to access the victim’s credit cards and bank accounts.
Give the attacker remote access to the compromised computer.
It will also open a back door and connect to a C&C server so it can receive commands and request the modules that are used to steal information from the compromised computer.
Download @ http://www.majorgeeks.com/files/details/symantec_ramnit_removal_tool.html