Onliner Spambot, one of the largest spambot’s ever seen has recently been uncovered by a Paris-based security researcher known as ‘Benkow’.
Benkow suggested it has been in use since 2016. The seven hundred and eleven million email addresses – and sometimes the associated passwords have seemingly been collected to help spread a banking malware trojan – Ursnif. In addition, Benkow further suggests this spambot targets specific countries like Italy or specific business sectors like hotels. These 711,000,000 addresses and related personal information are now on the black market, meaning attackers can buy these and use them for further malicious activity – frightening!
The spambot gathered around 50GB of emails, credentials and SMTP configuration files. Operator of the website HaveIBeenPwned.com, Troy Hunt, acknowledges that some of the collected email addresses are non-existent accounts though the number still totalled a “mind-boggling amount”. He added that Ursnif was found on a Dutch server which was ordered to be shut down immediately by law enforcers in the country. Users can check if their email address has been leaked here.
There are different ways in which the list of email addresses and credentials could have been hacked. Public leaks from places such as LinkedIn allow attackers to gain access to passwords but credentials could also come from phishing campaigns and credential stealer malware. Benkow further explains that spambots with SQL injection scanners allow hackers to search the internet for SQLi retrieves and SQL tables with names like ‘user’ or ‘admin’ to gain data.
Although it is difficult to know exactly where all the email addresses came from, attackers usually target email addresses with spam in the hope of tricking recipients into revealing more information. This can be done by clicking on a malicious URL or providing sensitive information to the attacker unintentionally. But in cases where attackers already have the user’s details, secretly hijacking the victim’s account to send out more spam is also an option.
Rocketseed treats the security of your corporate email as our top priority. We thoroughly test all components and customer software, and perform regular security reviews and penetration tests.
Your security is our priority at Rocketseed, find out more on how we can help here.