Onliner Spambot Leverages 711M Email Accounts for Massive Campaigns

onliner spambotA Paris-based researcher who goes by the pseudonym Benkow has discovered and revealed a massive data set being used in one of the biggest known spam operations. Dozens of text files containing huge batches of email addresses, passwords, and server information were found on an open and accessible web server hosted in the Netherlands. The spambot has been dubbed “Onliner” and is sending out the Ursnif malware, which is primarily a data-stealer that targets account credentials and credit card details.

Onliner’s strategy for spam filters

Since security products are getting better at filtering out spam mail, distributors are always looking for new delivery methods. One such method involves using SMTP credentials to authenticate the spammer, making it seem like the email is legitimate to bypass the filters. The Onliner data has a huge number of SMTP credentials—one of these files has over 140,000 records with email, password, SMTP servers, and ports. This gives the spammers a wide range of servers to send their malicious emails from.

Benkow also shared this massive data set with Troy Hunt, who runs Have I Been Pwned?, a website that helps users check if they have been affected by data breaches. To put the size of the said trove of data in perspective, Hunt says that “it took HIBP 110 data breaches over a period of 2 and a half years to accumulate 711 million addresses”.

Hunt notes that some of the email addresses appear to have been parsed and scraped off the web. Data also appears to have been aggregated from previous breaches. In his post, he shows that a random selection of emails from the Onliner batch was also found in the LinkedIn data breach. Another batch also matched data from a combo list he reported on in May 2017.

The ripple effect of data theft

A stolen email address and password can be used to cause a lot of damage. Stolen account data can be used and reused by cybercriminals, and then sold to someone else to use for other purposes. As criminals continue to find new uses for old data, it only emphasizes the importance of comprehensive security and vigilance. Users should take particular care of their online accounts and also be wary of spam mail.

Many different malware distributors use email as an entry point into the system and network, and since email is practically ubiquitous, users should do whatever they can to protect their email and online accounts. Other effective security solutions include comprehensive spam filters, policy management, and email security mechanisms, which can block malicious payloads.

Trend Micro Solutions

Trend Micro endpoint solutions such as Trend Micro™ Smart Protection Suites and Worry-Free™ Business Security can protect users and businesses from these threats by detecting malicious files, and spammed messages as well as blocking all related malicious URLs. Trend Micro Deep Discovery™ has an email inspection layer that can protect enterprises by detecting malicious attachment and URLs.

Trend Micro™ Hosted Email Security is a no-maintenance cloud solution that delivers continuously updated protection to stop spam, malware, spear phishing, ransomware, and advanced targeted attacks before they reach the network. It protects Microsoft Exchange, Microsoft Office 365, Google Apps, and other hosted and on-premises email solutions.
Trend Micro™ OfficeScan™ with XGen™ endpoint security infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.