Ramnit is a computer worm currently affecting many Windows users. It was estimated that it infected 800 000 Windows PCs between September and December 2011.


Ramnit was first detected in 2010, attaching itself to executable files and USB drives to infect additional computers. Originally a generic worm, it did not have many capabilities and was thus not considered dangerous. In 2011, malware writers altered the worm to capture data from web sessions, letting hackers commit financial fraud. Most recently, it was responsible for the theft of 45 000 login credentials, using them to infect the victims' friends and remotely access corporate networks. The current version of Ramnit is a hybrid version of the original worm, with some code taken from the ZeuS trojan horse.