Onliner Spambot server breaches 711 million email addresses and passwords

A spambot going by the auspicious name of Onliner Spambot has compromised 711 million email addresses and passwords.

This was discovered when security researcher Benkow came across a web server that hosts text files containing email addresses, passwords and email server information that spammers use to send spam, according to ZDNet.

The spammers use these credentials to send out malware spam, which is able to bypass spam filters because it is sent through legitimate email servers.

The campaign is successful because the spambot tests each entry by connecting to the server to ensure that the credentials are valid and that spam can be sent. The accounts that don’t work are ignored.

Those credentials allow the spammer to send what appears to be a legitimate email.

Benkow explains that Onliner Spambot used the SMTP credentials to send its Ursnif malware-laced spam.

The Ursnif banking trojan has been infecting users since 2016 to steal banking information, including credit card data, from target computers.

The list used by Onliner Spambot has about 80 million accounts, according to Benkow. Each line in the files contains the email address, password, SMTP server and port used to send the email.

Spambots send a ‘dropper’ file that looks like a normal email attachment and downloads malware when opened. The emails sent by Onliner Spambot contain a hidden pixel-sized image and get past spam filters because the credentials are legitimate. When the email is opened, the pixel image is loaded and sends back the IP address and user-agent information that identifies the type of computer, operating system and other device details. This helps the attacker decide whom to target with the Ursnif malware.

This trick is called ‘fingerprinting’, and also enables the spammer to establish whether the email campaign has been successful.

You can check whether your email address is on the list by going to haveibeenpwned.com, a website that stores details of email addresses that have been leaked. If your address is on the list, change your password now and keep an eye out for any suspicious activity on your bank account.

Concerned that the lack of security awareness among your staff may cause a data breach?

Don’t let your staff be your single point of failure.

Find out how to implement an information security management system that considers staff awareness an intrinsic element of effective information security and helps you tackle data security across technology, people and processes >>>