Skip to content
Web review

700 Million Records Found on Server Powering Onliner Spambot

Author: Kevin Townsend

Source: SecurityWeek RSS Feed

Spambot representation
MyCrypNet mobile ads banner

A Paris-based malware researcher known as Benkow has discovered more than 700 million records used by the Onliner spambot on a misconfigured server. The records comprise a large number of email addresses, passwords and SMTP configurations. Researcher Troy Hunt has subsequently added the lists to his Have I Been Pwned (HIBP) website and service.

The IP address of the misconfigured server has been traced to the Netherlands. “Benkow and I,” wrote Hunt in a blog post yesterday, “have been in touch with a trusted source there who’s communicating with law enforcement in an attempt to get it shut down ASAP.” However, since the database was exposed on the internet, it has possibly been accessed and downloaded by other actors.

“It is naive to think that this was not also accessed by other criminal or spammer groups, as this information is of paramount value to those kinds of groups,” comments John Bambenek, threat intelligence manager at Fidelis Cybersecurity. He added, “Sometimes humans make mistakes which is why it is essential to build datasets and monitoring to track their activity over the long term. These kind of mistakes are what help us get these hackers arrested so they can become guests of the local Western government’s prison system.”

Review of this article

An email policy

It is hard to avoid having your email on a SpamBot. Your email is everywhere on the web as it is asked by every website you have an account in. There is no guarantee that one of these websites will not be compromised.

So you have to adopt an email strategy. You should keep a specific email for your accounts when it's possible. Some social network use your email as a means for others of contacting you. In this case it is not really a good idea to have a specific email, as it can lead to confusion people who want to contact you.

The second step is in your own mailbox. One rule I have is never to open an attached file coming out from sources I don't know. How can I be sure on a file source ? By using GnuPG, for example.

An email watch

You also should think about a way to check if your email already is compromised. For that, have a look on the IHaveBeenPawned database from Troy Hunt, for example.

Select multiple sources to watch it and, by the way, also use them for your name and/or your brand.

Keep a list of the sites you give your email to, and have a look at the breach detection news about them as often as you can. That way, you may have a clue about where the SpamBot got your email address.
MyCrypNet mobile ads banner
© 2015-2017 Coppint Market Place Ltd, All rights reserved. Legals