Over 700 Million Email Addresses Exposed From SpamBot Server

0
2864
SpamBot Server

A huge database of 630 million email addresses used by a spambot server to send large amounts of spam has been posted online in what appears to be one of the largest data dumps of its kind.

A French security researcher who uses the Benkow mango online identifies the database in an “open and accessible server” containing a large number of email addresses, along with millions of SMTP credentials from around the world.

The database is hosted on the spambot server in the Netherlands and stored without any access control, making the data accessible to the public so that everyone can log in without a password.

Also Read: Beware! Sarahah App Steal Data Of Your Mobile Phone

SpamBot Server

According to a post published by Benkow, spambot server, known as “Spambots Online”, which has been used to send spam and distribute users are at least 2016 at a bank called Ursnif bank.

Ursnif Banking Trojan is able to steal banking information from target computers, including credit card information and other personal information such as access data and browser and software passwords.

“In fact, to send spam, the attacker needs a huge list of SMTP credentials. To do this, there are only two options: to create or buy it,” said Benkow. “And it’s the same for IPs: the more SMTP servers you can find, the more you can deploy the campaign.”

Also Read: Top 10 Tips To Schedule Your Daily Routine Like Millionaire

As the researcher explains, he finds “a huge list of valid SMTP credentials” – about 80 million – which is then used to send unsolicited email to the remaining 630 million accounts via the email server of the Internet service providers, making them look legitimate to avoid anti-spam measures.

The list also contains many email addresses that appear to have been scraped and picked up by other data breaches such as LinkedIn, MySpace, and Dropbox.

The researcher has been able to identify a list of almost 2 million email addresses from a Facebook phishing campaign.

The exposed database was verified by Troy Hunt, adding the wrong email addresses to his violation notification site.

Also Read: These Apps Allow You To Create Android Ransomware Within Seconds

A huge database of 630 million email addresses used by a spambot server to send large amounts of spam has been posted online in what appears to be one of the largest data dumps of its kind.

A French security researcher who uses the Benkow mango online identifies the database in an “open and accessible server” containing a large number of email addresses, along with millions of SMTP credentials from around the world.

The database is located on servers in the Netherlands and spambot server is stored without any access control, making it publicly accessible for all to access without a password.

According to a post published by Benkow, spambot server, known as “Spambots Online”, which has been used to send spam and distribute users are at least 2016 at a bank called Ursnif bank.

Ursnif Banking Trojan is able to steal banking information from target computers, including credit card information and other personal information such as access data and browser and software passwords.

Also Read: Ropemaker Exploit Allow Hackers To Modify Email Content – Even After It’s Sent

“In fact, in order to send spam, the attacker needs a huge list of SMTP credentials, so there are only two options: create or buy,” Benkow said. “And it’s the same for IPs: the more SMTP servers you can find, the more you can deploy the campaign.”

As the researcher explains, he finds “a huge list of valid SMTP credentials” – about 80 million – which is then used to send unsolicited email to the remaining 630 million accounts via the email server of the Internet service providers, making them look legitimate to avoid anti-spam measures.

The list also contains many email addresses that appear to have been scraped and picked up by other data breaches such as LinkedIn, MySpace, and Dropbox.

The researcher has been able to identify a list of almost 2 million email addresses from a Facebook phishing campaign.

The exposed database was verified by Troy Hunt, adding the wrong email addresses to his violation notification site.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.