Massive spambot relying on stolen email addresses, credentials, and SMTP and port information to expand.
Security researchers have discovered a massive spambot called Onliner that holds a trove of users' stolen email addresses and login and password information, as well as port settings and SMTP credentials for some accounts, according to published reports.
Onliner is believed to have harvested 711 million records that likely came from a number of previous breaches and data dumps last year, according to Threatpost. However, a number of the email addresses go to nonexistent accounts, according to a BBC report.
The spambot can use email addresses alone (without credentials) for phishing campaigns against the user, the BBC notes.
But attackers can also use stolen login credentials to take over email accounts and further their spambot efforts, according to the BBC. The stolen information about users' SMTP and port settings, meanwhile, can help attackers dupe anti-spam detection systems into letting the spam messages through.
Onliner Spambot, which has been in circulation since last year, is suspected of distributing the Ursnif banking Trojan and was discovered by a researcher known as Benkow.