September 1, 2017 By Mark Samuels 2 min read

A malware researcher recently uncovered a spamming operation that led to a massive data breach of more than 711 million email addresses.

Paris-based security expert Benkow found an open and accessible web server that was hosted on a spambot in the Netherlands. According to Benkow’s blog post, the server, known as Onliner, has been used to distribute spam and Trojans.

Inside the Spamming Operation

The Onliner web server is home to a range of text files that contain batches of email addresses and passwords. These credentials are the keys to success for the spamming operation, which aims to circumnavigate spam filters by distributing email via authentic servers.

Onliner is being used to push the Ursnif banking malware to inboxes around the world. The Ursnif Trojan provides a means for fraudsters to collect sensitive data, including usernames, passwords and credit card information.

According to the BBC, the spamming operation appears to be the biggest of its kind ever found. The potential ramifications are also significant: Benkow told ZDNet that the distribution of the Ursnif Trojan has led to over 100,000 unique infections globally.

What Information Was Exposed?

About 80 million valid credentials were discovered in the online directory, according to the researcher’s blog. These legitimate email addresses — and their servers — allowed attackers to bypass antispam measures and send spam to the remaining 630 million accounts.

The list includes email addresses that seem to have been taken from other data breaches, such as those associated with LinkedIn, MySpace and Dropbox, The Hacker News reported. Benkow also found a list of almost 2 million email addresses that appeared to stem from a Facebook phishing campaign.

In a blog post, technology expert Troy Hunt noted the size of the data breach. Hunt, who runs the breach notification site Have I Been Pwned?, said the “mind-boggling amount of data” is the largest he has ever uploaded to his service. He noted that the 711 million records are almost the equivalent of an email address for every man, woman and child in Europe.

Reducing the Risk of a Data Breach

The origins of Onliner remain unclear, but the potential risk is obvious. The database is stored without any access controls, meaning the data is publicly available to anyone without the use of a password.

Individuals can use Have I Been Pwned? to check whether their email address is included in the service records. Affected individuals should change passwords for their email addresses and all other accounts that use a similar string, reported Graham Cluley. Users can also protect their accounts with two-factor authentication when the option is available.

The risk of data exposure is rising. More than 6 billion records were exposed through 2,227 publicly disclosed data breaches in the first half of 2017, according to research from Risk Based Security. The number of records exposed during the first half of this year is already higher than the previous all-time high at the end of 2016.

While users must act cautiously, IT managers and security experts should work to reduce the risk of a data breach. Malware researchers need to spend more time investigating the creation and distribution of spambots. He pointed to the high level of creativity and the potential interaction with other areas of cybercrime.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today