The Ramnit worm, which was first detected more than 18 months ago, has continued to evolve and now has spawned a version that is targeting victims' Facebook credentials, and with great success. Researchers at Seculert in Israel have found a variant of Ramnit that is stealing those credentials and then trying to compromise other accounts belonging to the victims, including VPNs, email and other sensitive accounts.

Ramnit has been causing trouble since the first half of 2010, going after online banking and FTP credentials, among other sensitive data, and racking up pretty large infection numbers in the process. Seculert estimates that the previous, financial-targeted variants of Ramnit had infected more than 800,000 machines in the last five months of 2011. It's often seen infecting HTML files and Windows executables, but now the attackers behind the worm seem to have moved on to a new tactic.