A researcher known as Benkow has discovered that a spambot called Onliner has successfully bypassed spam filters to target 711 million email addresses. Having discovered this vast data cache, which includes email addresses, passwords, configuration files and SMTP (Simple Mail Transfer Protocol) credentials, Benkow alerted Have I Been Pwned’s Troy Hunt. Hunt was suitably impressed with the sheer volume and value of the data, which gives attackers huge scope for exploitation, since they need a large number of bona fide SMTP credentials to trick servers into thinking the spam emails are legitimate.
First spotted in 2016, Onliner takes advantage of credentials harvested from other security breaches. It achieved notoriety as the tool used for infecting vulnerable Windows computers with the banking trojan Ursnif, which then steals passwords and credit card details by duping users into opening malware-laden attachments.
Hunt has now made all the information available through his HIBP service, so that anyone can check if they’ve been compromised. To be sure, a lot of the data is overlapping or duplicated; even so, this still leaves several million readily available to malicious attackers.