Giant spambot targeting 711 million emails – find out if you’re a target
711 million email addresses have been discovered to have leaked online as part of the largest spam campaign in history – here is what is going on and how to find out if your email has been leaked.
A giant spambot (software that automatically sends spam email) has been discovered with a whopping 711 million email addresses at its disposal. The spambot – named Onliner – was discovered by a security researcher named Benkow and has been configured to connect to a server based in the Netherlands. And on that server is the 711 million email addresses.
The Onliner spambot can use that epic database of email addresses to send victims malicious attachments that – if opened – will install a version of banking malware called Ursnif onto a victim’s computer.
It gets worse, however. The large database of emails doesn’t just contain email addresses. Many of the emails have also been coupled with their respective passwords as well as other [SMTP] information. This allows a spammer to hijack legitimate email servers using the leaked credentials to send even more spam that may not be recognised by spam junk filters.
Sponsored Content. Continued below...
Basically, the more emails/password/SMTP credentials the spammer has, the more spam they can send. And that spam will look legitimate to junk filters because they come from otherwise legitimate email servers.
Has my email address been leaked, and if so, should I be worried?
First thing’s first – check if your email address is part of the 711 million leaked emails.
This is easy – simply visit the Have I Been Pwned website operated by Troy Hunt and enter your email address. That will tell you what (if any) breaches that have seen your data leaked online. Regarding this case, the breach will appear as Onliner Spambot.
If your email address appears, don’t panic!/ The chances are that it is just your email address that has been leaked and nothing else. This means that you’ll more than likely get some scammy emails coming your way – but as long as you know how to spot them (e.g. don’t open email attachments unless you were expecting them) then you should be okay. Annoying yes, but not an online security disaster.
However, there is a chance that your email password has also been leaked and spammers are using your credentials to send others spam (and it means that someone could potentially access your email account) so we do recommend that if your email address does appear, then it’s best to change that email password as soon as you can.
Sponsored Content. Continued below...
How did spammers get my email (and possibly my password) ?
How all these emails and passwords ended up together on a web server in the Netherlands is not known exactly, but much of the information appears largely to be a culmination of previous breaches. (This means there is a good chance that you’ll have more than one entry in the Have I Been Pwned website.)
It is also worth remembering that if you find that your email address has been leaked, and you re-use the same password and email combination on other online accounts, it is worth changing your password on those accounts too.
Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.
Continued below...
Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)
Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)
