Change Your Password: Massive Spambot Dump Leaks Over 700 Million Private Email Addresses
We all know we should be changing our passwords on a frequent basis, at probably every quarter in general (and more or less often depending on the type of account and what information is accessible). It is easy to overlook, however, at least until something serves as a reminder. Well, let a recent leak hundreds of millions of email accounts by a spambot serve as that reminder.
A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam.
Spammer's have been using those credentials for a massive malware campaign. And because these are legitimate email servers that they have access to, they are able to scoot right on past spam filters that would normally nix such an operation.
The spambot is called "Onliner" and it has already captured 711 million email accounts. Spammers are using it to deliver the Ursnif banking malware into inboxes around the globe. So far it has been able to infect more than 100,000 machines, according to Benkow. Troy Hunt, owner of the website Have I Been Pwned, called it a "mind-boggling amount of data" and the "largest list" he has ever seen.
Though it seems rather simple, spamming is still a popular and effective means of spreading malware. Spammers have to contend with increasingly sophisticated email filters, but Onliner itself is rather sophisticated and able to bypass spam filters.
"Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it. And it's the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign," Benkow explains.
Benkow says the spammer(s) responsible dug through the contents of other security breaches, such as the LinkedIn hack and other sources.
Bottom line? If you have not done so recently, it would be a good idea to go and change your passwords, and then get in the habit of changing them periodically.
A security researcher in Paris who goes by "Benkow" is spreading the word on what he found, which is an open web server hosted in the Netherlands storing dozens of text files containing email addresses, passwords, and email servers used to send spam.
Spammer's have been using those credentials for a massive malware campaign. And because these are legitimate email servers that they have access to, they are able to scoot right on past spam filters that would normally nix such an operation.
Processing the largest list of data ever seen in @haveibeenpwned courtesy of a nasty spambot. I'm in there, you probably are too.
— Troy Hunt (@troyhunt) August 28, 2017
Though it seems rather simple, spamming is still a popular and effective means of spreading malware. Spammers have to contend with increasingly sophisticated email filters, but Onliner itself is rather sophisticated and able to bypass spam filters.
"Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it. And it's the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign," Benkow explains.
Benkow says the spammer(s) responsible dug through the contents of other security breaches, such as the LinkedIn hack and other sources.
Bottom line? If you have not done so recently, it would be a good idea to go and change your passwords, and then get in the habit of changing them periodically.
