[ALERT] Change Your Passwords... NOW

Category: Security

A spammer’s database of 711 milliion email addresses and passwords, including email server admin credentials, has been discovered on a wide-open Web server in the Netherlands. It’s the biggest trove of stolen identities yet found. But what’s really interesting - and frightening - is how it’s being used to circumvent spam filters and infect victims with malware. Here's what you need to know, and do...

This Spambot Probably Has Your Email Credentials

The database was discovered by a Paris-based security researcher who goes by the online handle of “Benkow.” He or she has spent months analyzing the data and tracing how it has been used. Benkow says at least 100,000 email accounts have been infected with the Ursnif banking malware via the “Onliner” spambot that compiled and uses this massive database.

Ursnif scans a victim’s system looking for bank account login credentials in particular, but it will steal anything that looks like login credentials to email, e-commerce, social media, and other accounts. Ursnif uses an unusual technique to infect victims’ systems.

Most malware spam employs a file attachment that triggers the download and execution of malware when it is opened. But many users are (finally) cautious about opening attachments, even if they appear to come from trusted contacts. So Onliner embeds an invisible URL in each HTML message it sends. When the message is opened, the URL fetches a pixel-sized image from the spammer’s master server; the tiny image also goes unnoticed.

Spammer password database

Along with the URL’s request for the image, it also sends info about the target machine, including its operating system and device info. This data tells the spammer whether the target is vulnerable to the Windows-based Ursnif malware. If not, there’s no point in sending Ursnif to that target, and doing so might raise unwanted attention.

Weeks or months after sending the probing email to millions of targets, Onliner sends another email with a disguised attachment to the few thousand Windows targets it has identified. The attachment may be presented as an invoice or some other important document. If the attachment is opened, a Javascript is triggered that downloads Ursnif malware to infect the victim.

But Wait... There's More!

Another clever trick allows Onliner to evade email servers’ spam filters. Many filters rely, at least in part, on lists of domains known to host spammers. But with the login credentials of an email server’s administrator account, Onliner can exempt its spam from being filtered. The database Benkow discovered contains over 80 million email servers’ admin credentials.

The database includes the admin credentials of 80 million email servers, which are used to spam 630 million email accounts. Onliner has been infecting victims with credential-stealing malware, but it could switch to “botnet” malware that enslaves victims’ computers to send spam, participate in denial-of-service attacks, and other shenanigans.

Here's another troubling aspect of this situation. If a hacker has access to a compromised email address and password, they can do what's called credential surfing. Many people use the same login credentials for multiple online accounts. So a hacker may use your email credentials and attempt to gain access to your online banking, social media, Paypal, eBay or other popular sites.

See these related articles for help with implementing my recommendations:
Crafting The Perfect Password
Dashlane's Free Automatic Password Changer
What is Two-Factor Authentication?
5-Point Tuneup For Hacker Defenses

What You Should Do

Onliner goes to unusual lengths to avoid detection by spam filters and security researchers. You cannot rely on your mail provider’s spam filters to keep you safe. You can check the Have I Been Pwned database to see if your email address was present in this spammer database. But don't be surprised, and don't panic if it does. In fact, you should ASSUME your email address and password have been compromised.

You, the end user of email, are still the best and last line of defense. Here's what I recommend:

  • Never click on an attachment without verifying who sent it, and why.
  • Change your email password every three months at least.
  • Use strong passwords, and never reuse passwords on multiple online accounts.
  • Use two-factor authentication whenever possible.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 31 Aug 2017

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 30 Aug 2017

The Top Twenty
Next Article:
Do You Have Wifi Intruders?

Most recent comments on "[ALERT] Change Your Passwords... NOW"

Posted by:

31 Aug 2017

Glad I use linux.

EDITOR'S NOTE: Regardless of your operating system choice, if your email address and password is compromised, you could be in a world of trouble.

Posted by:

31 Aug 2017

I think what @Radner is trying to say is that he feels that Linux machines are [more] secure!
That is what the Apple users used to say about their beloved OperatingSystem; until they started getting jacked!
So, it appears as though security awareness and protection is not necessarily AND solely dependent on the type of OS being used.
Throwing the baby out with the bathwater is too much to ask of users, whereas Mr. Bob Rankin's great advice may be a better alternative for credentials security!

Posted by:

31 Aug 2017

Unix variations and MacOS were "security through obscurity". Some black hats used the "that's where the money is" reasoning to only attack Windows but that left many insecure systems using the obscure software very complacent.
Complacency makes for easy targets.

Posted by:

31 Aug 2017

I can only hope all the people @ Kaspersky, Malwarebytes, Bitdefender et al are aware of this threat are doing something about it. Steve

Posted by:

John Anderson
31 Aug 2017

I'm in the same boat as misterfish—I have a similar bunch of passwords; changing them is a headache. But I've got a pretty good system to accomplish it. A password manager would make it simpler, but I'm concerned about the life span of the company that offers the service. If they fold, what happens? I haven't been able to find a clear answer to that. So, for now, they are homemade.

I also saw an article [was it here?] that said passwords are out-of-date, one should use a LONG phrase as a password. Maybe a good idea, but hardly any systems I access will take such a long password....

Posted by:

31 Aug 2017

@John Anderson,
(re: lifespan of offerings)
Most users of password managers have their own favorites. I have been using the open source (free) software called Keepass for the past 13 years with over 480 individual entries for all my credentials, even the way-expired ones.
If you use the following search queries at wikipedia.com, it will allow you see the list/comparison of all (free/pay) password managers.
"List of password managers" and
"Comparison of password managers"

Posted by:

John May
31 Aug 2017

I use a password lock from Avast to secure my passwords ?

Posted by:

top squirrel
31 Aug 2017

I just ran my email address thru "have I been pwned" and they say I'm not on any list of compromised accts.

Here are some things I do or avoid doing:

I get tons of girlie come-ons but I never click on links. You can get plenty of free pictures of nude women on the internet so why even open those? Some said they saw my picture on Facebook and I'm cute so they would like to have sex with me tonight. I answered I have no Facebook account nor is my picture anywhere on the internet. But I'm sure you'll find somebody to copulate with. Happy Trails! (The email got bounced right back as undeliverable.)

I never open attachments if a link is the sole message of an email and never if I don't know the sender or smell something, like if their acct may have been taken over. I have received several "I'm stranded in [name of country] and I need money to get out! Please send some!" from people I have corresponded with. One such guy couldn't walk 100 ft, let alone gallivant to Holland.

The Yahoo spam program filters out only sex ads, but sometimes genuine emails.

I correspond widely and sometimes prowl in bad neighborhoods. I have Avast, Comodo and Malwarebytes and I never click on suspect links.
Seems like that may be enough.

Posted by:

bob rice
31 Aug 2017

I have two factor p/w on two banks so they send a code to my cell phone. Even if hacked, they cannot access my phone number. But I'm really disappointed so many gigantic financial institutions don't offer it.

One's entire savings, investments, funds, CD's, etc., are vulnerable to a relatively simple hack.

I've asked these financial places, "Why not?" and they naively believe they are safe from hackers.

I then asked, "Why not have 2 factor ID when taking money out?" No replies.

Posted by:

31 Aug 2017

Thanks yet again, Bob. Although I don't open suspicious attachments, one of my email address has been pwned (but no pastes). I used the free Dashlane password manager program and also use Senders™ to "untrack" emails. Would the Senders untracker find and remove the Onliner tracker?

Regarding two-factor authentication: I don't have a cell phone, which is the only option some sites offer. Bummer. So I rely on Dashlane's password generator to create strong passwords for me.

Posted by:

31 Aug 2017

I read an article from an intelligence oriented magazine that the FBI recommends not using Kaspersky.

Posted by:

31 Aug 2017

It always made me smile when non-Windows operating system users appeared smug about how much safer their systems are. The common misunderstanding is not that the operating system is safer, it's that spammers (& the like) usually target the most popular operating system, thus propagating the highest number of victims. Theses days, any operating system is at risk, not just Windows.

Posted by:

01 Sep 2017

I saw one post from a user who has KeePass. I have been using this program from v. 1.something. It's great and you can build a password that even a government system will take. I have two of my emails on this list and one I have had compromised many times by different users. I have a strong password on it now and have culled down most of the junk from them.
On another subject, I tried Kaspersky AV for a little while and it disabled my Windows updates. So I'm back with Avast.

Posted by:

01 Sep 2017

When I click the link in your article, it says Malwarebytes was was compromised and hacked?
Are you kidding me???

Posted by:

01 Sep 2017

My Yahoo "pwned/but no pastes"p; but my Hushmail inviolate. More secure than the big 5 email platforms since Hushmail encrypts from you to email server (and no unstable JAVA), Hushmail's ad-free, faster, and other benefits made me glad USSA's infamously invasive NSA PRZM overtaking the big 5 email platforms pushed me to find best alternative at least fee (plus promo code) so worth it that I regret not making the switch sooner.(Tried Opera but swamped me in junk and hogged my laptop.)

Posted by:

01 Sep 2017

I purchased a Mac in '99' because I was told that it was more secure than an IBM. Within 3 months I was infected with a replicating virus that made e-mail impossible. The tech that cleared up my machine told me that the virus snuk in through the e-mail server. So nothing is safe, unless you keep it safe by not opening crap and changing passwords.

Posted by:

Pete Greenwood
01 Sep 2017

Spot on as usual, Bob. I was notified by Have I Been Pwned a few days ago. Today, lo and behold, an unsolicited email from Santander bank with attached 'Important Documents' pops up! What a surprise! Never had any dealings with Santander, so this is going straight in the bin, untouched! But thanks for the timely warning - I'll be re-setting a few crucial passwords immediately, and trawl through the rest over the next few days.

Posted by:

01 Sep 2017

Given your link in the last Geekly Update to an article about 2-factor security breaches, this is not necessarily THE ANSWER to all security worries. That article pointed out the sheer perseverance of some hackers. They'll spend hours trying to break in to what they believe is a valuable account. So we have to be just as persistent in fighting back: good security software, strong and unique passwords which are changed frequently, and lots of skepticism about emails from anyone.

Posted by:

Mace 'n' Cheese
04 Sep 2017

Don't let fear that a password manager might go out of business be your excuse for not using one! Use one that allows you to print out your passwords. "Print" to PDF, then put the file on a thumb drive and hide it--under insulation in your attic, if you're that paranoid. Or lock it in your home safe or bank safe deposit box. (You can encrypt it.)

You'll be safer overall that way than if you reuse simple passwords.

Posted by:

Paul Morris
15 Sep 2017

It is getting to the Point, that the Only Thing that One can do on the Internet, is just ''Research''!!!
I keep getting Messages from Legitimate Computer Geeks, and they keep saying Change Your Password, well it is really hard to Remember so many Passwords for every App. or whatever. I think eventually, I will probably go back to sending a Letter the old fashion way, and that is with a Stamp!

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- [ALERT] Change Your Passwords... NOW (Posted: 31 Aug 2017)
Source: https://askbobrankin.com/alert_change_your_passwords_now.html
Copyright © 2005 - Bob Rankin - All Rights Reserved