One of the world’s largest data breaches has exposed more than 700 million email addresses along with millions of associated passwords. The data was amassed by spammers using spambots: programs that collect, or harvest, email addresses from the internet in order to build mailing lists for sending unsolicited email.
The trove was discovered by a France-based security expert, who found the data hosted on a server in the Netherlands. However, the number of genuine user addresses is likely lower than the reported 711 million, because the collection, which can be accessed by anyone, contains many repeated, fake or malformed addresses.
It should be noted that these credentials are hugely valuable to a spammer’s mode of operation: they allow unsolicited email to be sent through legitimate email servers, which helps it get past spam filtering.
According to ZDNet, the spambot used in this case is named ‘Onliner’ and primarily delivers banking malware called ‘Ursnif’ to mailing lists of people all over the globe. As of now, more than 100,000 cases have been reported.
Although spam filters have received a major boost from firewalls and newer products designed to counter such campaigns, email remains the most effective way of delivering malware to unsuspecting users.
“The other common way to send spam is more brutal. Here, the attacker creates or buys a specific malware used to infect people and send spam. The more the attacker infects people, the more he can distribute spam through different IPs. However, a random pwned Windows machine is not enough to send spam. For that, the attacker needs some email server (SMTP) credentials. This is where you can be concerned by Spambot. Indeed, to send spam, the attacker needs a huge list of SMTP credentials. To do so, there are only two options: create it or buy it. And it’s the same as for the IPs: the more SMTP servers he can find, the more he can distribute the campaign,” says the researcher in his blog post.
You can check whether your email address is included in the leak via this service.