Could you or highly visible people in your company have fallen victim to a spambot? Given that spambots have targeted billions of email addresses over the years, the chances are high.
Back in August 2017, a security researcher known as discovered 711 million email addresses and passwords available on a public server. It's the third-largest data breach on record. The database was a result of a leak from what's known as the Onliner Spambot.
Cast your mind back to the early days of the internet when dodgy emails containing viruses plagued your inbox. For cybercriminals, they were the good old days, when all you needed was a list of email addresses.
Fortunately, spam filters are increasingly effective at identifying spammers and blocking their emails. One of the ways spam filters work is by identifying large volumes of emails sent to defunct or inactive email accounts.
To appear legitimate and bypass security filters, spammers need active email accounts.
Spambots start by using an existing database of servers from previous data breaches. They double-check that the email accounts are active.
But these initial emails don't contain malware. Instead, they contain a small 1-pixel image. When you open the email, it reveals key information such as:
The spammers now have a comprehensive database that they can use to send targeted emails containing malware.
Aside from scouting out active email servers, the Onliner Spambot was also looking to target Windows users. This is because the Ursnif Trojan was built specifically to work on Windows computers. The idea is to send out targeted emails to limit the size of the operation. If a malware campaign is too big, it raises red flags for law enforcement.
The discovery of the Onliner Spambot dump demonstrated that spammers are becoming more and more sophisticated at evading security filters and law enforcement.
If your email is on one of these lists, you and your company run the risk of identity fraud and account takeovers. Highly visible people in your company are particularly at risk of targeted attacks by hackers. It has never been more important to stay one step ahead.