[ALERT] Change Your Passwords... NOW
A spammer’s database of 711 million email addresses and passwords, including login credentials for tens of millions of email (SMTP) server accounts, has been discovered on a wide-open web server in the Netherlands. It’s the biggest trove of stolen identities yet found. But what’s really interesting - and frightening - is how it’s being used to get past spam filters and infect victims with malware. Here's what you need to know, and do...
This Spambot Probably Has Your Email Credentials
The database was discovered by a Paris-based security researcher who goes by the online handle of “Benkow.” He or she has spent months analyzing the data and tracing how it has been used. Benkow says at least 100,000 email accounts have been infected with the Ursnif banking malware via the “Onliner” spambot that compiled and uses this massive database.
Ursnif scans a victim’s system looking for bank account login credentials in particular, but it will steal anything that looks like login credentials to email, e-commerce, social media, and other accounts. What is unusual is how Onliner decides which victims are worth infecting with it.
Most malware spam relies on a file attachment that downloads and runs the malware when it is opened. But many users are (finally) cautious about opening attachments, even ones that appear to come from trusted contacts. So Onliner first sends a harmless-looking HTML message with an invisible image in it: a "tracking pixel" referenced by a URL on the spammer’s server. When the message is opened and the mail client loads remote images, it fetches that pixel-sized image, and the tiny image goes unnoticed.
That image request tells the spammer more than that the address is live. It carries the recipient’s IP address and a User-Agent header that identifies the mail client and operating system, and if the URL is unique per recipient it ties the fetch to one specific address. This tells the spammer whether the target is running Windows and is therefore vulnerable to the Windows-based Ursnif malware. If not, there’s no point in sending Ursnif to that target, and doing so might raise unwanted attention. (A mail client set not to load remote images never makes the request, so the spammer learns nothing.)
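As an added illustration of the tracking-pixel step described above (this is not code from the article or from Benkow's analysis), the script below does two things a defender would want to see: it parses an HTML message and flags remote images that are 1x1 or hidden, and it shows what the spammer's server learns from a single pixel fetch. The message body, the request headers, the header name carrying the client IP, and the per-recipient `r=` token in the URL are all constructed assumptions.

```python
"""Spot remote tracking pixels in an HTML e-mail and show what the pixel's
server learns from the fetch.  Added illustration for this article, not code
from the original page or from Benkow's analysis.  The message body, the
request headers and the per-recipient token are all constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body in the style the article describes: ordinary text plus
# a remote 1x1 image the reader never sees.  The 'r=' token is a hypothetical
# per-recipient identifier that lets the server tie the fetch to one address.
SAMPLE_HTML = """
<html><body>
<p>Hi, please see the invoice below.</p>
<img src="http://203.0.113.10/t.gif?r=9f3a1c" width="1" height="1" alt="">
<img src="cid:logo.png" width="120" height="40" alt="logo">
<img src="https://cdn.example.org/hero.jpg" style="display:none">
<img src="https://cdn.example.org/banner.jpg" width="600" height="200">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.imgs.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height values of 1px or less (the classic pixel size)."""
    try:
        return int(value.strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False


def find_tracking_pixels(html):
    """Return the src of every remote image that is tiny or hidden.

    Remote means http(s) or protocol-relative; cid: and data: images are
    embedded in the message and contact no server when displayed.
    """
    collector = _ImgCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.imgs:
        src = attrs.get("src", "")
        parsed = urlparse(src)
        remote = parsed.scheme in ("http", "https") or (
            parsed.scheme == "" and src.startswith("//")
        )
        if not remote:
            continue
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        tiny = _is_tiny(attrs.get("width", "")) or _is_tiny(attrs.get("height", ""))
        if tiny or hidden:
            hits.append(src)
    return hits


# Constructed request headers as the spammer's web server would record them
# when a Windows desktop mail client loads the pixel.  The header carrying the
# client IP depends on the server setup and is an assumption here.
SAMPLE_REQUEST = {
    "User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; "
                  "Trident/7.0; Microsoft Outlook 16.0.4266)",
    "X-Forwarded-For": "198.51.100.7",
}


def fingerprint_from_request(headers, url):
    """What one pixel fetch tells the spammer: which recipient opened it, from
    which IP, on which OS, and so whether Windows-only malware is worth sending."""
    ua = headers.get("User-Agent", "")
    if "Windows" in ua:
        os_name = "windows"
    elif "iPhone" in ua or "iPad" in ua:
        os_name = "ios"          # checked before macOS: iOS UAs also say "Mac OS X"
    elif "Macintosh" in ua or "Mac OS X" in ua:
        os_name = "macos"
    elif "Android" in ua:
        os_name = "android"
    else:
        os_name = "unknown"
    query = dict(p.split("=", 1) for p in urlparse(url).query.split("&") if "=" in p)
    return {
        "recipient_token": query.get("r"),
        "ip": headers.get("X-Forwarded-For"),
        "os": os_name,
        "send_ursnif": os_name == "windows",
    }


if __name__ == "__main__":
    pixels = find_tracking_pixels(SAMPLE_HTML)
    print("tracking pixels:", pixels)
    print(fingerprint_from_request(SAMPLE_REQUEST, pixels[0]))
```

Run it as-is and the first function reports the 1x1 image and the `display:none` image but not the inline `cid:` logo or the visible banner; the second shows that one Windows fetch is enough to put the recipient on the Ursnif target list. The same size-and-visibility check is what a mail gateway or client can apply before deciding to load remote content at all.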
But Wait... There's More!
Another clever trick lets Onliner get past email servers’ spam filters. Many filters rely, at least in part, on the reputation of the sending server or domain, including lists of domains known to host spammers. Onliner sidesteps that by sending its spam through legitimate mail servers, logging in with stolen SMTP account credentials (server address, username and password). The messages then arrive from servers with clean reputations rather than from known spam sources. The database Benkow discovered contains roughly 80 million such SMTP credentials, and they have been used to spam some 630 million email addresses.
So far Onliner has been infecting victims with credential-stealing malware, but it could just as easily switch to “botnet” malware that enslaves victims’ computers to send spam, participate in denial-of-service attacks, and other shenanigans.
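On the receiving end of those stolen SMTP logins is a mail administrator who can spot the abuse in the server's own logs. The script below is an added example for this article, not code from the page or from Benkow's analysis. It reads Postfix-style `smtpd` authentication lines and `qmgr` queue lines (the log sample is constructed; `alice` is a normal user on two devices, `bob`'s password has been stolen), ties each submitted message back to the account that authenticated it by queue ID, and flags accounts that log in from many different IP addresses or submit messages with hundreds of recipients. The thresholds are assumptions an administrator would tune for their own users.

```python
"""Detect abuse of stolen SMTP credentials in mail-server logs.  Added
illustration for this article, not code from the page or from Benkow's
analysis.  The log lines are constructed in Postfix's smtpd/qmgr format and
the thresholds are assumptions a mail admin would tune for their own users."""
import re
from collections import defaultdict

# One account logging in from many different networks within minutes, then
# submitting a message to hundreds of recipients, is the pattern a spambot
# using a stolen SMTP login produces.  Constructed sample log.
SAMPLE_LOG = """\
Aug 30 09:01:12 mx1 postfix/smtpd[2201]: 1A2B3C: client=unknown[198.51.100.20], sasl_method=LOGIN, sasl_username=alice@example.com
Aug 30 09:05:40 mx1 postfix/smtpd[2201]: 1A2B3D: client=unknown[198.51.100.20], sasl_method=LOGIN, sasl_username=alice@example.com
Aug 30 09:05:41 mx1 postfix/qmgr[900]: 1A2B3D: from=<alice@example.com>, size=4120, nrcpt=2 (queue active)
Aug 30 12:30:02 mx1 postfix/smtpd[2210]: 1A2B44: client=unknown[192.0.2.77], sasl_method=PLAIN, sasl_username=alice@example.com
Aug 30 13:00:01 mx1 postfix/smtpd[2215]: 1A2B50: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 30 13:00:03 mx1 postfix/smtpd[2216]: 1A2B51: client=unknown[203.0.113.88], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 30 13:00:04 mx1 postfix/smtpd[2217]: 1A2B52: client=unknown[198.51.100.200], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 30 13:00:06 mx1 postfix/smtpd[2218]: 1A2B53: client=unknown[192.0.2.15], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 30 13:00:09 mx1 postfix/smtpd[2219]: 1A2B54: client=unknown[203.0.113.140], sasl_method=LOGIN, sasl_username=bob@example.com
Aug 30 13:00:10 mx1 postfix/qmgr[900]: 1A2B54: from=<bob@example.com>, size=18211, nrcpt=250 (queue active)
"""

# smtpd records the queue ID, the client IP and the authenticated username.
AUTH_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=\S+\[(?P<ip>[0-9a-fA-F.:]+)\], "
    r"sasl_method=\w+, sasl_username=(?P<user>\S+)"
)
# qmgr records, for the same queue ID, how many recipients the message has.
# The envelope sender is ignored on purpose: a bot can forge it, but the
# queue ID cannot be forged and links the message to the SASL login.
QMGR_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def flag_abused_accounts(lines, max_ips=3, max_rcpt=100):
    """Return {user: findings} for accounts whose SASL logins came from at least
    max_ips distinct client IPs, or which submitted a message to at least
    max_rcpt recipients.  An empty dict means nothing looked wrong."""
    ips = defaultdict(set)
    logins = defaultdict(int)
    qid_user = {}
    max_nrcpt = defaultdict(int)
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            user = m.group("user")
            ips[user].add(m.group("ip"))
            logins[user] += 1
            qid_user[m.group("qid")] = user
            continue
        m = QMGR_RE.search(line)
        if m and m.group("qid") in qid_user:
            user = qid_user[m.group("qid")]
            max_nrcpt[user] = max(max_nrcpt[user], int(m.group("nrcpt")))

    findings = {}
    for user in logins:
        reasons = []
        if len(ips[user]) >= max_ips:
            reasons.append(f"logins from {len(ips[user])} distinct IPs")
        if max_nrcpt[user] >= max_rcpt:
            reasons.append(f"message with {max_nrcpt[user]} recipients")
        if reasons:
            findings[user] = {
                "distinct_ips": len(ips[user]),
                "logins": logins[user],
                "max_nrcpt": max_nrcpt[user],
                "reasons": reasons,
            }
    return findings


if __name__ == "__main__":
    for user, info in flag_abused_accounts(SAMPLE_LOG.splitlines()).items():
        print(user, "->", "; ".join(info["reasons"]))
```

With the sample above only `bob@example.com` is reported (five IPs in ten seconds, then a 250-recipient message); `alice@example.com` on her two devices stays under the threshold. In practice the response to a hit is to lock the account and force a password change, which is exactly what takes one stolen credential out of the spammer's 80 million.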
Here's another troubling aspect of this situation. If a hacker has a compromised email address and password, they can do what's called credential stuffing: trying that same username and password on other sites. Many people use the same login credentials for multiple online accounts. So a hacker may use your email credentials to attempt to gain access to your online banking, social media, PayPal, eBay or other popular sites.
What You Should Do
Onliner goes to unusual lengths to avoid detection by spam filters and security researchers, so you cannot rely on your mail provider’s spam filters to keep you safe. You can check the Have I Been Pwned database to see whether your email address was present in this spammer database. But don't be surprised, and don't panic, if it is. In fact, you should ASSUME your email address and password have been compromised.
You, the end user of email, are still the best and last line of defense. Here's what I recommend:
- Never open an attachment without verifying who sent it, and why.
- Turn off automatic loading of remote images in your mail client; a message that cannot fetch its tracking pixel tells the spammer nothing about you.
- Change your email password every three months at least, and immediately if it turns up in a breach.
- Use strong passwords, and never reuse passwords on multiple online accounts.
- Use two-factor authentication whenever possible.
This article was posted by Bob Rankin on 31 Aug 2017
Copyright © 2005 - Bob Rankin - All Rights Reserved