An absolutely massive spambot has been discovered with access to over 711 million email addresses.
The spambot, known only as ‘Onliner’, was discovered when Paris-based security expert ‘Benkow’ found an open web server containing a staggering number of email addresses, passwords and email servers.
Fellow security researcher Troy Hunt runs a website called ‘Have I Been Pwned’ (HIBP) that lets you check whether your email address or password has turned up in a spam list or in data harvested by malware.
Writing on the website’s blog, Hunt called the discovery, “The largest single set of data I’ve ever loaded into HIBP.”
“Just for a sense of scale,” he says. “That’s almost one address for every single man, woman and child in all of Europe.”
Benkow believes that the spambot has been used to deliver Ursnif, a powerful piece of banking malware that steals personal data such as credit card information, passwords and more.
The spambot’s success has already been considerable. Speaking to ZDNet, Benkow confirmed that the malware had already successfully infected computers more than 100,000 times.
What’s even more worrying is the level of sophistication that the spambot has been able to demonstrate.
As email filters have become smarter, it has become harder and harder for spambots to get their emails through to the victim.
To get past a filter, an email has to carry enough authentication to show that it is being sent from a real mail server by a real user.
That authentication comes from SMTP credentials: the more of them the spambot holds, the more widely it can send its malware and the more filters it can slip through.
“It’s difficult to know where those lists of credentials came from,” explains Benkow.
“I have obviously seen a lot of public leaks (like LinkedIn, Baidu, or with every password in clear text), but credentials can also come from phishing campaigns, credential-stealer malware like Pony, or they can also be found in a shop.”
Hunt described it as a ‘mind-boggling amount of data’, and there is very little that most of us can do about it.
If you want to see if your email is on the list (it probably is), you can check at Hunt’s HIBP website.
Otherwise, all you can really do is stay vigilant. Scrutinise emails that make it past your spam filter, and never open an attachment unless you know the sender and understand why the email was sent.
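For readers who want to see what a password check against HIBP actually sends, here is an added example (not code from the article, Hunt or HIBP) showing the k-anonymity scheme used by the Pwned Passwords range endpoint: only the first five hex characters of the SHA-1 hash leave your machine, and the matching is done locally against the returned list. The range response body below is constructed for the example, and the count next to the ‘password’ entry is made up.

```python
import hashlib

# Constructed sample of what https://api.pwnedpasswords.com/range/<prefix>
# returns: one "SUFFIX:COUNT" line per known hash sharing that 5-char prefix.
# These lines (and the counts) are made up for the example; a real check
# fetches the body over HTTPS and never transmits the full hash or password.
SAMPLE_RANGE_RESPONSE = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
"""


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form HIBP indexes passwords by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): only the 5-char prefix is sent to the API."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> breach-count mapping."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """Number of times the password appears in breaches (0 if absent).

    The comparison of the 35-char suffix happens locally, so the server
    only ever learns the 5-char prefix shared by many unrelated hashes.
    """
    _, suffix = split_for_range_query(password)
    return parse_range_response(range_body).get(suffix, 0)
```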