711 Million Email Addresses Exposed: How to Defend Your Info

A spambot called Onliner has apparently assembled a massive amount of data that includes 711 million email addresses and, in at least some cases, passwords as well.

First spotted last week by a malware researcher who blogs under the name "benkow_," the trove of data was found stored in a directory of files on a spambot server hosted in the Netherlands. Many of the email addresses and related passwords appear to have been scraped from data dumps linked to past major breaches of sites such as LinkedIn.

Security experts warned that the large number of SMTP email server credentials uncovered by Onliner makes it easier for spammers to send infected messages that can bypass standard email filters. The experts recommended that anyone whose email address appears in the spambot directory should change passwords, ensure other accounts do not use the same passwords, and enable two-factor authentication for greater security.

'Mind-Boggling Amount of Data'

According to a blog post published on Tuesday by benkow_, the Onliner spambot has been used "since at least 2016" to distribute a banking trojan known as Ursnif. After checking that breached email user data includes valid SMTP credentials, the spambot randomly mails some of those accounts with a message containing a hidden image. When that message is opened by recipients, some of their user information is leaked back to the spammers so their accounts can be categorized for future, more targeted spam campaigns.

The spambot can then use those "fingerprinted" email servers to blast out even larger numbers of emails to identify the best targets for an Ursnif attack, which is launched by messages containing malicious file attachments that are often disguised as invoices.

"In a successful cybercrime campaign there are different parts, the final payload is important but the spam process is very critical too," benkow_...
