Longest-Ever Spam Catalogue Unearthed having 711m Passwords, E-mail Ids

Cyber-security researchers recently stumbled upon what according to them, is an unprecedented long catalogue of passwords and electronic mail ids utilized for spewing spam and delivering malicious software to victims worldwide.

The catalogue has an unbeatable 711m passwords and e-mail addresses, among which many were exposed during known hacks like the one in 2012 which struck LinkedIn, and these were recently discovered on one Netherlands located "spambot" server.

Known as "Onliner," the spambot utilizes an open server in Netherlands for thrusting the Ursnif malicious program inside mailboxes globally. The infamous Ursnif has a great capacity for filching huge volumes of data by attacking browsers and software programs, wherein banks are especially endangered. Onliner is known to have stolen 711m SMPT credentials, including passwords, electronic mail servers and e-mail ids- with 80m of the total tested for legitimacy as also employed for targeting the rest 631m A/Cs, while making an effort towards eluding anti-spam software. Alphr.com posted this, August 30, 2017.

The malicious program Ursnif is capable of quickly reading login credentials, passwords and credit card details as any spammer would characteristically dispatch some malware-tainted file through an attachment that looks harmless, contaminating the computer soon as it's downloaded. Attackers campaigning with the Onliner spambot established one highly complex system for circumventing extremely advanced spam filters.

Since spam mailers keep on innovating methods for getting past filters, it is now becoming more of an end-user task for filtering the junk. Sadly, one mustn't even open the e-mails as the action alone can do much for making the end-user a victim.

According to Mr. Hunt, the spambot catalogue has gotten tracked to one PC-server based in Netherlands; however, that has still to be closed. Presently, impacted users can only check whether the attackers targeted their e-mail ids, but not whether they compromised their accounts. However, speaking to BBC, Benkow said affected end-users could adopt protective measures that were still there.

Whilst huge volumes of e-mail ids are on the list the password volume related to the said ids happens to be a far bigger problem. Benkow suggested impacted end-users to reset their passwords, while remain watchful opening e-mails.

» SPAMfighter News - 9/6/2017