Slashdot Mirror


Massive New Spambot Ensnares 711,000,000 Email Addresses (zdnet.com)

An anonymous reader quotes ZDNet: A huge spambot ensnaring 711 million email accounts has been uncovered. A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers.

The spambot, dubbed "Onliner," is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it's resulted in more than 100,000 unique infections across the world, Benkow told ZDNet. Troy Hunt, who runs breach notification site Have I Been Pwned, said it was a "mind-boggling amount of data." Hunt, who analyzed the data and details his findings in a blog post, called it the "largest" batch of data to enter the breach notification site in its history... Those credentials, he explained, have been scraped and collated from other data breaches, such as the LinkedIn hack and the Badoo hack, as well as other unknown sources.

The data includes information on 80 million email servers, and it's all used to identify which recipients have Windows computers, so they can be targeted in follow-up emails delivering Windows-specific malware.

31 comments

  1. Just culls the weak in the wild by rmdingler · · Score: 1, Insightful

    The data includes information on 80 million email servers, and it's all used to identify which recipients have Windows computers, so they can be targeted in follow-up emails delivering Windows-specific malware.

    Likely, all of which requires some complicit user imbecility to embed.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Just culls the weak in the wild by muphin · · Score: 1

      80 million email servers

      that's a lot of email servers!

      --
      It's not a typo if you understood the meaning!
    2. Re:Just culls the weak in the wild by Anonymous Coward · · Score: 0

      You're not counting the Martians...

      Whoops! Shouldn't have said that..

    3. Re:Just culls the weak in the wild by rmdingler · · Score: 1

      80 million email servers

      that's a lot of email servers!

      Right, and for a total compromise of 711,000,000 users, that's what?

      9 users per server?

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    4. Re:Just culls the weak in the wild by Anonymous Coward · · Score: 0

      I wonder if I can find the password I lost last week for one of my throw-away accounts. :)

  2. run for the hills by wardk · · Score: 0

    email malware for windows? WTF?

    1. Re:run for the hills by arth1 · · Score: 5, Informative

      email malware for windows? WTF?

      It's known as Exchange...

  3. Give me about 20 minutes by Anonymous Coward · · Score: 0

    Just go to my handy website to enter your email to see if you've been affected, link will be up shortly. :^)

    1. Re:Give me about 20 minutes by arth1 · · Score: 2

      Just go to my handy website to enter your email to see if you've been affected, link will be up shortly. :^)

      Too late - the "security researcher" here already has put up https://haveibeenpwned.com/
      Only a gullible fool would enter his own e-mail address in a site like that, but then again, there's no shortage of those...

    2. Re: Give me about 20 minutes by Anonymous Coward · · Score: 0

      Instead, I've put yours. :)

    3. Re:Give me about 20 minutes by Trax3001BBS · · Score: 1

      It appears good, it's cloudflare.com not 127.0.0.1 cloudfront.net
      https://www.robtex.com/dns-loo...

      But does go through a lot of edge servers (can throttle network traffic to adjust loads).

    4. Re:Give me about 20 minutes by Trax3001BBS · · Score: 1

      It appears good, it's cloudflare.com not 127.0.0.1 cloudfront.net
      https://www.robtex.com/dns-loo...

      But does go through a lot of edge servers (can throttle network traffic to adjust loads).

      Bail on that answer, that site is bad news. I posted too early; searching further I found this dire warning from Domain Registration:
      http://www.webhostingtalk.com/... and https://www.complaintsboard.co... the first two hits when searching eNom Inc.

      Really sorry about that.

    5. Re:Give me about 20 minutes by Anonymous Coward · · Score: 0

      You and Dan Kaminsky should get naked and be cool together.

    6. Re:Give me about 20 minutes by Trax3001BBS · · Score: 1

      You and Dan Kaminsky should get naked and be cool together.

      I LOL'd https://en.wikipedia.org/wiki/...

  4. 711,000,000? by Anonymous Coward · · Score: 0, Offtopic

    Aaah! They all voted for Trump anyway. They deserve what they get.

    1. Re: 711,000,000? by Anonymous Coward · · Score: 0, Informative

      Clinton is ten times worse than Trump. Far more deceitful and dangerous. Thank goodness she lost!

  5. So what by Anonymous Coward · · Score: 0

    Few people trust email anymore. Scammers aren't going to get much out of this. And their garbage mostly ends up in spam folders now. Big fail.

    1. Re:So what by Anonymous Coward · · Score: 0

      You'd be surprised how easy it is to filter spam without even looking at message content.

  6. I asked before and I'll ask again by Anonymous Coward · · Score: 0

    Is the operator of that server dead yet ?

    And if not, why ?

    The only good psychopath is a dead psychopath.

  7. At least it compresses well by Anonymous Coward · · Score: 0

    So now there's a single good source for just how many ways can you spell password.

    Can it be added as a package for Linux's cracklib?

    I know I'd love to know that while my password might seem really secure to me that it's also not the same as the combination on my boss's luggage.
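
The check the comment above asks for, as an added example that is not code from the original page, from Slashdot, or from Have I Been Pwned: hash a candidate password with SHA-1, send only the first five hex characters of the digest to the corpus, and scan the returned range of suffixes locally, so the full password (and its full hash) never leaves the host. The corpus here is a constructed five-entry dump in "SHA1:COUNT" line format with invented counts; the function names, the five-character prefix length and the "SUFFIX:COUNT" range layout are this example's assumptions, chosen to mirror the k-anonymity range query style so that `count_from_range` could be pointed at a real range response fetched over HTTPS instead of the in-memory `lookup_range`.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List

PREFIX_LEN = 5  # assumption: only the first 5 hex chars of the SHA-1 are ever disclosed


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the key used by breach-corpus dumps."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample dump, NOT the real Onliner/HIBP data. One "SHA1_HEX:COUNT"
# line per leaked password; the counts are invented for illustration.
SAMPLE_DUMP = "\n".join(
    f"{sha1_upper(pw)}:{n}"
    for pw, n in [
        ("password", 3000000),
        ("123456", 20000000),
        ("P@ssw0rd", 50000),
        ("letmein", 200000),
        ("correct horse battery staple", 7),
    ]
)


def build_range_index(dump: str) -> Dict[str, Dict[str, int]]:
    """Index dump lines by hash prefix: prefix -> {suffix: count}.

    Malformed or blank lines are skipped rather than aborting the load, since
    real dumps are large text files that may carry stray whitespace.
    """
    index: Dict[str, Dict[str, int]] = defaultdict(dict)
    for line in dump.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        digest, count = line.split(":", 1)
        digest = digest.strip().upper()
        if len(digest) != 40:
            continue
        index[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = int(count)
    return index


def lookup_range(index: Dict[str, Dict[str, int]], prefix: str) -> List[str]:
    """Server side of the range query: all 'SUFFIX:COUNT' lines for one prefix.

    Every caller sharing the same 5-char prefix gets the same answer, so the
    response alone does not reveal which password was being checked.
    """
    bucket = index.get(prefix.upper(), {})
    return [f"{suffix}:{count}" for suffix, count in sorted(bucket.items())]


def count_from_range(password: str, range_lines: List[str]) -> int:
    """Client side: hash locally, then look for our own suffix in the range.

    Returns how many times the password appears in the corpus, 0 if absent.
    """
    suffix = sha1_upper(password)[PREFIX_LEN:]
    for line in range_lines:
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def breach_count(password: str, index: Dict[str, Dict[str, int]]) -> int:
    """End-to-end check against a local corpus: prefix out, suffix scan locally."""
    prefix = sha1_upper(password)[:PREFIX_LEN]
    return count_from_range(password, lookup_range(index, prefix))


def acceptable(password: str, index: Dict[str, Dict[str, int]], max_seen: int = 0) -> bool:
    """cracklib-style policy hook: reject any password seen more than max_seen times."""
    return breach_count(password, index) <= max_seen


if __name__ == "__main__":
    idx = build_range_index(SAMPLE_DUMP)
    for pw in ["password", "letmein", "correct horse battery staple", "Tr0ub4dor&3"]:
        print(f"{pw!r}: seen {breach_count(pw, idx)} times, acceptable={acceptable(pw, idx)}")
```

The range response carries 35-character suffixes only, so a network observer or the corpus operator sees a 20-bit prefix shared by a few hundred unrelated hashes rather than the password itself. Feeding the full 711M-row corpus through `build_range_index` in memory is impractical; on real dumps the same prefix split is what makes the on-disk or per-request lookup cheap.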

  8. And most of them are rubbish by Anonymous Coward · · Score: 0

    I just had a look on 'Have I Been Pwned' for one of my domains and of the 140 or so 'Onliner' addresses, 99% of them are invalid addresses that would go straight into the trash (I don't bounce emails to invalid addresses). I wonder how many of those 711 million addresses are sent straight to /dev/null

    1. Re:And most of them are rubbish by Anonymous Coward · · Score: 0

      There is no "/dev/null" in Windows, the sole Target here.
      This is not accidental...

    2. Re:And most of them are rubbish by Anonymous Coward · · Score: 0

      Some of the records noted if the addresses were associated with Windows or not. Windows was not the "sole target"

      I had 2 addresses breached, unique email addresses I gave to a headhunter more than a decade ago. Long ago I routed those email addresses to /dev/null.

  9. Crap to legit ratio by BlytheBowman · · Score: 1

    I wonder how many of these e-mail 'addresses' read something like jhjhdsjifhdsjisfh@jdsjfhj.kjj vs ones that are legitimate (this reminds me of when spammers were selling CD-ROMs with "millions of email addresses" on them)

    1. Re: Crap to legit ratio by Brockmire · · Score: 1

      The only one from my domain on the list was a random one not made by me.

  10. Crap to legit ratio? by Anonymous Coward · · Score: 0

    I wonder how many of these e-mail 'addresses' read something like jhjhdsjifhdsjisfh@jdsjfhj.kjj vs ones that are legitimate (this reminds me of when spammers were selling CD-ROMs with "millions of email addresses" on them)

  11. More than just breaches by bib1620 · · Score: 0

    This list contains more than just breaches. It also contains email addresses scraped from mailing lists, as I have found a few I used. I wish spammers would start weeding out the crap in their lists...

  12. Email accounts with passwords. That explains it. by Mike Van Pelt · · Score: 1

    I've been seeing a few cases where some miscreant obviously has access to real email conversations, and inserts something evil into it. In one case, in an ongoing conversation, an email "from" one of the participants with all the "On <date>, <foo> said:" reply chain for the legitimate conversation intact said "Check out this and let me know what you think", where "it" was the ever-popular Microsoft Word document that just said "Enable Content to view this". Of course, if the recipient does "Enable Content", the evil macros in the document will pwn him completely.

    One even more evil, a legitimate conversation about a financial transaction. The thief inserted an email (once again, the reply chain of the legitimate conversation intact) saying "Oh, by the way, my bank account has changed, please wire it to...." some random money mule account. That one didn't get caught until the proper recipient started complaining about where his money was.

    This list.... email addresses with passwords... that is very likely how some of these scams are carried out.