'Onliner' Spambot Amassed Hundreds of Millions of Stolen Email Addresses

Massive spambot relies on stolen email addresses, credentials, and SMTP and port information to expand.

Security researchers have discovered a massive spambot called Onliner that contains a treasure trove of users' stolen email addresses, login and password information, and, for some accounts, port settings and SMTP credentials, according to published reports.

Onliner is believed to have harvested 711 million records that likely came from a number of previous breaches and data dumps last year, according to Threatpost. However, a number of the email addresses go to nonexistent accounts, according to a BBC report.

The spambot can use the email addresses alone (without credentials) for phishing campaigns against the user, the BBC notes.

But attackers can also use stolen log-in credentials to take over email accounts and further their spambot efforts, according to the BBC. The stolen information about users' SMTP and port settings, meanwhile, can help attackers dupe anti-spam detection systems into allowing the spam messages through.

Onliner Spambot, which has been in circulation since last year, is suspected of distributing the Ursnif banking Trojan and was discovered by a researcher known as Benkow.