Ramnit
Name of Malware: Ramnit (Ramit, Nimnul)
Type of Malware: Banking trojan, downloader, worm, info stealer, scareware
Affected Operating Systems: Windows
Affected Device Types: PCs, laptops
Impact: high
What is Ramnit?
Ramnit is a computer worm: a malicious program that can duplicate and disseminate itself independently. It may also have a number of other malicious functions, including the ability to make contact with a control system and receive further commands from there.
Ramnit collects data from infected systems, intercepts sensitive communication and passes this information to a remote attacker.
It downloads other malware from a server and runs these programs.
How did I get infected with Ramnit?
Systems can be infected with Ramnit when a user opens a malicious e-mail attachment. The malware is hidden in a file that appears harmless. The attachments are often named using words such as invoice or reminder to deceive the user into unsafe actions.
Links to websites that have been hacked by criminals may also be used instead of attachments. The attackers hide malicious scripts on these websites. The scripts are used to download and install the malware without the user's consent.
Ramnit infections can also be acquired via websites that suggest to the victim that their system has been infected with a malicious code or has security vulnerabilities. The victim takes action thinking that they are protecting themselves, when they are actually loading and installing malicious code.
What do I have to do now?
As the Ramnit malware takes full control of the system and often hides your files, you may need to reformat/reinstall your operating system.
Further information can be found under Removing infections from PCs, laptops etc.
Technical specifications
Further information on this malware can be found on the website of our project partner Fraunhofer FKIE.