Seculert reported about a financial variant of this malware aimed at stealing Facebook credentials.
While I did not see any Facebook related activity in my samples, I am posting them anyway for your research as their functionality is the same.
The samples I have are being spread not via Facebook but via Blackhole exploit kit, which is a very effective method. Blackhole exploit kit was associated with the spread of ZeuS, Spyeye, and it is not surprising that Ramnit is being spread in the same manner by the same groups. The group of command and control servers that I researched is associated with pharma spam and "Canadian" online pharmacies.