A French security researcher found a list on a webserver in the Netherlands containing a total of 711 million email addresses and, for a portion of them, also the matching passwords.
According to “Benkow”, a spambot known as Onliner has been misusing these details to log in to around 80 million trustworthy servers and using them to send spam carrying banking malware to the other 630 million inboxes, as reported by “heise Security”. According to the French researcher, the Onliner bot has been in use since 2016 to spread the “Ursnif” Trojan on a massive scale.
“Benkow” shared his discovery with Troy Hunt, who runs the practical checking service “Have I Been Pwned”. According to Hunt, this is the largest spambot for which data has ever been fed into his service. Hunt even found his own email address (twice, in fact) in the online data. The expert did, however, point out that some of the addresses were incorrect or no longer in existence. Hunt also found that Onliner was still active. He eventually joined forces with “Benkow” and the responsible law enforcement agencies to shut the spambot down.
The Retarus E-Mail Security infrastructure has also recorded a new wave of malware-infected spam messages over the past few days. With up to four scanning engines running in parallel and the unique early recognition technology Patient Zero Detection®, our customers are, however, still on the safe side.