Spambots, computer programs that automatically trawl web pages to harvest email addresses, have been around for a while. Although considered a nuisance, they have never been thoroughly researched, nor considered such a great threat. But a recent discovery by a French security researcher who goes by the online handle "Benkow" may change all that. The researcher discovered, as he puts it, "an open and accessible" server that contains 630 million addresses, as well as millions of SMTP credentials, covering the whole world. The spambot, dubbed 'Onliner Spambot,' is located somewhere in the Netherlands and hosts this database, which is stored without any controls.
Anyone could misuse your credentials
Spam is an absolute online nuisance, to the point that it has created a category of spam professionals. Key social media outlets like Facebook are doing everything to rid themselves and their users of such posts and the users behind them. Still, the gravity of the problem has yet to be taken seriously enough, and Benkow's discovery of 'Onliner' might go a long way in that direction.
According to the discovered information, this server, which can be accessed by practically anybody, is used not only to spread spam; since 2016 it has also been used to spread a banking trojan called 'Ursnif.' This trojan attacks targeted computers and steals all the banking and credit card information available, as well as login details and passwords stored in web browsers and other software.
Along with the 630 million email addresses, Benkow discovered around 80 million SMTP credentials, which are used to send spam, and possibly malware, to those millions of email addresses. Sent this way, the spam and malware can bypass anti-spam measures at mail servers, because the messages look as if they are coming from legitimate email addresses.
Many of the email addresses found seem to have been gathered through different data breaches, including LinkedIn, MySpace and Dropbox. Also, 2 million of the addresses seem to have been gathered through a Facebook phishing campaign.
How to avoid spambots
According to Troy Hunt, another security researcher, this is the largest batch of data that has been breached so far.
But, as he says, the number of humans involved is somewhat lower, since the data was scraped from the web and is malformed. Still, this in no way diminishes the need to take protective measures.
Since the list is accessible to practically anybody, it might be advisable to check whether your email address is on this list and, if affected, change your email passwords as soon as possible. Using two-factor authentication would also be strongly advisable. For website owners, it would be wise to consider more advanced measures such as 'address munging' and hiding the addresses, for example by replacing the @ sign with 'at,' which will probably require advice from somebody with more detailed knowledge.
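For website owners, the address munging mentioned above can be applied as a step before a page is published. The following is an added example, not code from Benkow, Troy Hunt or any tool named in this article; the function names, the sample HTML and the example.com addresses are constructed for illustration.

```python
import html
import re

# Pragmatic pattern for addresses as they appear in page text (not full RFC 5322).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# An <a href="mailto:..."> element, capturing its visible link text.
MAILTO_RE = re.compile(
    r'<a\b[^>]*href=["\']mailto:[^"\']*["\'][^>]*>(.*?)</a>', re.I | re.S)
# HTML entity spellings of "@"; a harvester that decodes entities sees through them.
AT_ENTITY_RE = re.compile(r"&(?:#0*64|#x0*40|commat);", re.I)

# Constructed sample page fragment.
SAMPLE = ('<p>Contact <a href="mailto:sales@example.com">sales@example.com</a> or\n'
          'press&#64;example.co.uk for enquiries.</p>')


def munge_address(addr):
    """Rewrite user@example.com as 'user at example dot com'."""
    local, _, domain = addr.partition("@")
    return f"{local} at {domain.replace('.', ' dot ')}"


def munge_html(page):
    """Munge every email address in an HTML fragment before it is published."""
    # Normalise entity-encoded "@" so those addresses are munged as well.
    page = AT_ENTITY_RE.sub("@", page)
    # Drop mailto: links but keep their text: the href carries the raw address.
    page = MAILTO_RE.sub(lambda m: m.group(1), page)
    # Rewrite any address remaining in the text.
    return EMAIL_RE.sub(lambda m: munge_address(m.group(0)), page)


def leaked_addresses(page):
    """Pre-publish check: addresses still readable after decoding HTML entities."""
    return EMAIL_RE.findall(html.unescape(page))


if __name__ == "__main__":
    print("before:", leaked_addresses(SAMPLE))
    cleaned = munge_html(SAMPLE)
    print(cleaned)
    print("after: ", leaked_addresses(cleaned))
```

Running `leaked_addresses` over the final HTML shows whether any address, including one hidden only behind an entity such as `&#64;`, is still exposed in plain form. Munging of this kind only stops harvesters that look for the plain `user@domain` pattern, since the 'at'/'dot' form can be reversed by a program written to do so.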