Mind-boggling Spambot infects the world

Recently I have received 3 or 4 spam email messages a day from unknown names, usually with either an invoice or some image to be opened included. I stay well clear of such emails, so I refrained from opening any.

However, curiosity as to where they originated led me to a Paris-based researcher, known only by a pseudonym, who had discovered an open and accessible server located in the Netherlands that apparently stores files with a huge number of email addresses, passwords and email servers for sending out spam.

It also means it was used to deliver malware to an inbox near you, with more than 100.000 infections across the world.

Another researcher, Troy Hunt, who runs a breach notification site, analysed the data and called it the “largest” batch of data to enter his site in its history. The huge spambot ensnared 711.5 million email accounts. When a spammer sends the normal-looking email, they attach what is known as a ‘dropper’ file, which when opened downloads the malware from a server and infects the machine.

One piece of malware, known as Ursnif, is a data-stealing Trojan that grabs your personal information, like your log-in details, passwords and credit card data. Email filters are getting smarter, however, and while spamming is still an effective malware delivery method, many web domains that have been found to have sent spam are being blacklisted.

Because of the enormous size of this latest spambot list, where each line contains an email address, a password, and the SMTP server and port, it is conceivable that a fair number of recipients will succumb to curiosity and click to open. That is just what happened yesterday at the Kapiti Coast District Council, where the infection led the Council to send out a number of malware emails before they discovered the problem.

It seems that about 80 million email servers are being used to send the remaining 630 million target emails, and chances are that you may also have received such an email tempting you to open it. Needless to say: ‘Don’t’! Delete, delete.

Nevertheless, the arrival of such an email does mean that the sender server already has your email and password, so to find out if your email address has been breached, go to https://haveibeenpwned.com. It is Troy Hunt's site, and there you can enter your email address and have it checked for breaches.

If the answer is Yes, then change your password for your email server (e.g. paradise, clear.net or gmail), as I had to do for my paradise email account.

If you need help Kapiti SeniorNet is here to help our members. Check out “How do I…?” workshops for assistance.

Down with spammers.