<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Was your Email Address found in the World's Largest Spambot?

Posted: 13 September 2017

Your Email Address Worlds Largest Spambot Email Security

The average IT security administrator has much to be concerned about today; the threat of ransomware bringing their businesses to a halt, their readiness for the incoming GDPR (General Data Protection Regulation), trusted employees forever on the cusp of potential betrayal and now the return of the oldest foe of them all... spam.


Spam returns to the world of IT security

Last month, spam made it back into the headlines after a Paris-based researcher discovered thousands of email address lists belonging to a spambot, known as "Onliner", on an open web server in the Netherlands. Containing a record-breaking 711 million addresses, the lists have helped Onliner to deliver the "Ursnif" banking malware to inboxes worldwide, infecting over 100,000 unique endpoints to date.

To put this into context, the lists represent just short of 17% of the world's 4.3 billion registered email addresses.

In addition to email addresses, the lists contained corresponding SMTP (Simple Mail Transport Protocol) server addresses, port numbers and passwords associated with the account, potentially upgrading this from a simple spam list, to the world's largest data breach.

Onliner is suspected to have used this information in an attempt to connect and authenticate with SMTP servers, bypassing spam controls which stand down when presented with an authenticated account. Those successful would then have a fingerprinting email sent to the target containing an image with embedded code, similar to the way tracking emails work. The code would then report information about the endpoint being used, back to Onliner, (e.g the operating system), allowing more targeted spam and malware to be subsequently delivered.

Are you on the Spam List?

The website Have I Been Pwned has added and indexed the Onliner hoard to its database of 231 breached website account lists which can be searched across using our search application just below.

Enter your email address and we'll return a list of spam lists and breaches which your account was recognised as being involved in.

Get free 30 day trial GFI MailEssentials

Chris Payne Senior Technical Consultant, Infinigate UK
Posted by Chris Payne
Senior Technical Consultant, Infinigate UK
View LinkedIn profile

 

Share via:

    

Subscribe to VSEC Blog Updates

Popular Posts