Image from Pixabay via freeGraphicToday
This is huge. A spambot that has “broken” into 711 million email accounts has been reported. According to a report in ZDNet, a Paris-based security researcher, who goes by the pseudonymous handle, ‘Benkow’, discovered an open & accessible Web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, & email servers used to send spam. Those credentials are crucial for the spammer’s large-scale malware operation to bypass spam filters by sending email through legitimate email servers.
The spambot, dubbed “Onliner,” is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it’s resulted in more than 100,000 unique infections across the world, Benkow told ZDNet.
Another Online security adviser, an Aussie called Troy Hunt, said on his blog post that he was “contacted by someone” called Benkow who went on to explain how he’d located a machine used by the “Onliner Spambot and pointed me to a path on an IP address.” When Troy started getting deeper into the matter, he found his email ID, too, had been breached & infected.
Benkow reportedly spent months digging into the Ursnif malware, a data-stealing trojan used to grab personal information such as login details, passwords, & credit card data. Typically, a spammer would send a “dropper” file as a normal-looking email attachment. When the attachment is opened, the malware downloads from a server & infects the machine.
So, while we will not get into the technical mumbo jumpo, you may catch up with the rest of the action by either reading Benkow’s post or Troy’s.
•Share This•
