The spambot has collected millions of email credentials and server login information in order to send spam through “legitimate” servers, defeating many spam filters.
A security researcher based in Paris has uncovered an open web server hosted in the Netherlands which appears to be storing huge batches of email addresses, passwords and server information used to send spam.
Large spam email campaigns (ones you have likely seen before) use information like this to bypass spam filters by sending emails through legitimate servers.
This spambot (known as Onliner) has been used to spread “Ursnif”, a data-stealing trojan that takes information such as passwords and credit card entries. Email accounts compromised by Onliner would send the malware disguised as an email attachment. Experts estimate this spambot has created 100,000 infections worldwide, and the dataset involved is the largest of its kind ever discovered.
The popular breach-checking website www.haveibeenpwned.com has already categorised the spambot dataset, and email accounts are now searchable. Please use the above link to check if you have been affected.
If you find that you have been affected, Entegraty recommend an immediate change of password for the affected accounts. Strong anti-malware solutions are also a key component of staying protected against these types of attack.
If you have any concerns about this issue, please give us a ring on 02083355910.