September 1, 2017 By Mark Samuels 2 min read

A malware researcher recently uncovered a spamming operation that led to a massive data breach of more than 711 million email addresses.

Paris-based security researcher Benkow found an open, publicly accessible web server belonging to a spambot hosted in the Netherlands. According to Benkow’s blog post, the spambot, known as Onliner, has been used to distribute spam and Trojans.

Inside the Spamming Operation

The Onliner web server holds a range of text files containing batches of email addresses and passwords. These credentials are the key to the spamming operation, which circumvents spam filters by authenticating to legitimate mail servers with the stolen credentials and sending its mail through them, so the messages originate from trusted servers rather than from known spam sources.

Onliner is being used to push the Ursnif banking malware to inboxes around the world. The Ursnif Trojan provides a means for fraudsters to collect sensitive data, including usernames, passwords and credit card information.

According to the BBC, the spamming operation appears to be the biggest of its kind ever found. The potential ramifications are also significant: Benkow told ZDNet that the distribution of the Ursnif Trojan has led to over 100,000 unique infections globally.

What Information Was Exposed?

About 80 million of the entries were valid credentials, according to the researcher’s blog. Those legitimate accounts, and the mail servers behind them, allowed the attackers to bypass antispam measures and deliver spam to the remaining 630 million addresses.
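The abuse pattern described in the two paragraphs above, stolen credentials used to relay spam through a legitimate mail server, leaves a trace in that server's authentication logs: one account suddenly logging in from many unrelated IP addresses and sending far more than it normally does. The following detector is an added example written for this article; it is not code from the article or from Benkow's research. The log lines are constructed and loosely modelled on Postfix's `smtpd` SASL login lines, and the window and thresholds (10 minutes, 3 distinct IPs, 20 logins) are assumed values to tune for a real fleet.

```python
"""Flag mail accounts whose SMTP AUTH logins look like a spambot relaying
through stolen credentials: many distinct client IPs, or an unusually high
login rate, inside a short window.

Added example, not from the article. Log lines below are constructed and
only loosely modelled on Postfix smtpd output; thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: alice behaves normally, bob's credentials are being
# used from five different addresses within one minute.
SAMPLE_LOG = """\
Aug 29 10:01:12 mx1 postfix/smtpd[2211]: 1A2B3C: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.com
Aug 29 10:01:13 mx1 postfix/qmgr[1001]: 1A2B3C: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Aug 29 10:03:05 mx1 postfix/smtpd[2211]: 2B3C4D: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 29 10:03:09 mx1 postfix/smtpd[2214]: 2B3C4E: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 29 10:03:11 mx1 postfix/smtpd[2216]: 2B3C4F: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 29 10:03:20 mx1 postfix/smtpd[2218]: 2B3C50: client=unknown[192.0.2.91], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 29 10:04:02 mx1 postfix/smtpd[2220]: 2B3C51: client=unknown[203.0.113.200], sasl_method=LOGIN, sasl_username=BOB@example.com
Aug 29 10:30:00 mx1 postfix/smtpd[2211]: 3C4D5E: client=unknown[203.0.113.10], sasl_method=LOGIN, sasl_username=alice@example.com
"""

# Only authenticated smtpd sessions matter here; qmgr and other lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=[^\[\s]+\[(?P<ip>[\d.]+)\], sasl_method=\w+, sasl_username=(?P<user>\S+)$"
)


def parse_auth_events(log_text, year=2017):
    """Return (timestamp, username, client_ip) for each SASL login line.
    Syslog timestamps carry no year, so one is supplied by the caller."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"].lower(), m["ip"]))  # usernames are case-insensitive
    return events


def summarize_windows(events, window=timedelta(minutes=10)):
    """For each account, find the busiest sliding window: the peak number of
    logins and the peak number of distinct client IPs seen within `window`."""
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))
    summary = {}
    for user, evs in by_user.items():
        evs.sort()
        start = 0
        peak_logins = peak_ips = 0
        peak_ip_set = set()
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            ips = {ip for _, ip in span}
            peak_logins = max(peak_logins, len(span))
            if len(ips) > peak_ips:
                peak_ips, peak_ip_set = len(ips), ips
        summary[user] = {
            "peak_logins": peak_logins,
            "peak_distinct_ips": peak_ips,
            "ips": sorted(peak_ip_set),
        }
    return summary


def find_abused_accounts(summary, max_ips=3, max_logins=20):
    """Accounts exceeding either threshold are candidates for a forced password
    reset and a review of their outbound queue. Thresholds are assumptions."""
    return {
        user: stats
        for user, stats in summary.items()
        if stats["peak_distinct_ips"] >= max_ips or stats["peak_logins"] >= max_logins
    }


if __name__ == "__main__":
    abused = find_abused_accounts(summarize_windows(parse_auth_events(SAMPLE_LOG)))
    for user, stats in abused.items():
        print(f"{user}: {stats['peak_logins']} logins from "
              f"{stats['peak_distinct_ips']} IPs {stats['ips']}")
```

Run against a real `mail.log`, the distinct-IP signal is usually the stronger of the two: a legitimate user on a laptop and a phone rarely exceeds two or three addresses in ten minutes, whereas a spambot draws on whatever hosts it controls. Pair a hit with the account's outbound volume from the `qmgr` lines before resetting the password, and treat the reset as the start of the response, not the end, since the same credential pair will typically be tried against other services.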

The list includes email addresses that seem to have been taken from other data breaches, such as those associated with LinkedIn, MySpace and Dropbox, The Hacker News reported. Benkow also found a list of almost 2 million email addresses that appeared to stem from a Facebook phishing campaign.

In a blog post, technology expert Troy Hunt noted the size of the data breach. Hunt, who runs the breach notification site Have I Been Pwned?, said the “mind-boggling amount of data” is the largest he has ever uploaded to his service. He noted that the 711 million records are almost the equivalent of an email address for every man, woman and child in Europe.

Reducing the Risk of a Data Breach

The origins of Onliner remain unclear, but the risk is obvious. The database was stored without any access controls: anyone who found the server could read the data without a password.

Individuals can use Have I Been Pwned? to check whether their email address appears in the Onliner data. Affected individuals should change the password for their email account and for any other account that uses the same or a similar password, Graham Cluley reported. Users should also enable two-factor authentication wherever it is available.

The risk of data exposure is rising. More than 6 billion records were exposed through 2,227 publicly disclosed data breaches in the first half of 2017, according to research from Risk Based Security. The number of records exposed during the first half of this year is already higher than the previous all-time high at the end of 2016.

While users must act cautiously, IT managers and security experts should also work to reduce the risk of a data breach. Benkow argued that malware researchers need to spend more time investigating the creation and distribution of spambots, pointing to the high level of creativity involved and their interaction with other areas of cybercrime.
