A French security researcher Benkow has discovered a new spambot which has access to 711 stolen million email database.
A French security researcher Benkow has discovered a new spambot which has access to 711 stolen million email database. According to the blog post published by Benkow, the spambot dubbed ‘Onliner’ Spambot contains Email addresses, passwords, and server information. The database is open and can be accessed by anyone and is hosted on a server in Netherlands. Since 2016, the spambot has been sending out spams and spreading a banking trojan named URSNIF banking trojan which is used to steal banking credentials and other personal information Benkow has found around 80 million credentials in which around 2 million has been generated through Facebook phishing campaign. 
Troy Hunt of HaveIbeenPwned (HIBP) has verified the database and said in a blog post that 27 percent of the leaked account in the database was already in HIBP. The specialty of this spambot is that it can bypass the standard email filter for spams in modern email systems. It bypasses the filter by sending through legitimate email servers because it contains not only email addresses and password but also stolen email server credentials. 
WORKING OF THE SPAM Initially, an email is sent to the stolen address which looks legitimate and when opened they will be able to understand user's IP address, computer system, and operating system. Here the attackers target only windows system. Once onliner detects the OS, it sends another email which will be in the form of invoices or receipts from insurance or delivery service. The second email will contain the URSNIF, the banking trojan which will steal user’s banking credentials and personal information. Users can check if their information is exposed or not through HIBP website. If you are a victim, users are advised to change your password and enable Two-Factor Authentication and advised to change your passwords on other accounts periodically, if you are using the same passwords.