'Onliner' Spambot Amassed Hundreds of Millions of Stolen Email Addresses

Massive spambot relying on stolen email addresses, credentials, and SMTP and port information to expand.

Dark Reading Staff, Dark Reading

August 31, 2017

1 Min Read

Security researchers have discovered a massive spambot called Onliner that contains a treasure trove of stolen users' email addresses, login and password information as well as port settings and SMTP credentials for some accounts, according to published reports.

Onliner is believed to have harvested 711 million records that likely came from a number of previous breaches and data dumps last year, according to Threatpost. However, a number of the email addresses go to nonexistent accounts, according to a BBC report.

The spambot can use the pure email addresses alone (without credentials) for phishing campaigns against the user, the BBC notes.  

But attackers can also use stolen log-in credentials to take over email accounts and further their spambot efforts, according to the BBC. The stolen information about users' SMTP and port settings, meanwhile, can help attackers dupe anti-spam detection systems to allow the spam messages to go through.

Onliner Spambot, which has been in circulation since last year, is suspected of distributing the Ursnif banking Trojan and was discovered by a researcher known as Benkow.

Read more about Onliner here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights