'Onliner' malware spambot targets 711 million email accounts

It could be the largest spambot yet.

A security researcher who goes by the name Benkow has discovered a spambot with 711 million email addresses at its disposal. Troy Hunt, who runs the website Have I Been Pwned, said it's "the largest single set of data" he's ever loaded into his searchable database of compromised accounts. Before this discovery, the largest set he had uploaded contained 393 million records. The spambot, called "Onliner," is used to deliver the Ursnif banking malware, which is made to infect Windows computers. Worse, it's capable of bypassing spam filters, so someone not paying close attention to the sender's email address could end up infected.

Onliner bypasses spam filters by collecting email addresses that were leaked along with their passwords and SMTP credentials in previous breaches, including the massive LinkedIn hack in 2012 that compromised 117 million accounts. "The more SMTP servers [the spammers] can find, the more [they] can distribute the campaign," Benkow explained. The spammers then use those credentials to send infected emails to the other addresses in the list. According to the researcher, 80 million of the 711 million accounts had complete credentials and were used as senders, while the rest were used as targets.

The fact that Ursnif emails can land unchallenged in inboxes is pretty troubling, since they can infect PCs as soon as you load their attachments. Once in your system, the trojan can steal your bank log-ins, credit card info, various passwords and even act as a keylogger. You don't have anything to worry about if you're very careful about the attachments you open, but you can check Have I Been Pwned to see if you need to scan your PC ASAP.