Millions of Email Addresses Exposed From SpamBot Server

A massive database of over 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind.

A French security researcher, who uses the online name Benkow, has spotted the database on an “open and accessible” server containing a large amount of email addresses, along with millions of SMTP credentials from around the world.

The database is hosted on the spambot server in Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring a password or username.

According to a blog post published by Benkow, the spambot server, dubbed “Onliner Spambot,” has been used to send out spams and spread a “banking trojan called Ursnif” to users since at least 2016.

The Ursnif Banking Trojan is capable of stealing banking information from target computers including credit card data, and other personal information like login details and passwords from browsers and software.

“Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it,” Benkow said. “And it’s the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign.”

As the researcher explained, he came accros “a huge list of valid SMTP credentials” (around 80 millions) which is then used to send out spam emails to the remaining 630 million accounts via internet provider’s mail servers, making them look legitimate that bypass anti-spam measures.

The list also contains has email addresses that appear to have been scraped and collected from other data breaches, such as LinkedIn, MySpace and Dropbox.

The researcher was able to identify a list of nearly 2 million email addresses to be originated from a Facebook phishing campaign.

The exposed database has been verified by Troy Hunt, added the leaked email addresses to his breach notification site.

At the time of writing, it is unclear who is behind the Onliner Spambot.

Users can check for their email addresses on the site and those affected are obviously advised to change their passwords (and keep a longer and stronger one this time) for your email accounts and enable two-factor authentication if you haven’t yet.

Also, do the same for other online accounts if you are using same passwords on multiple sites.



Recent Posts
Categories
Archives