Spambot Server – Massive exposure of Over 711 Million Email addresses

20 Sep 2017
What is a Spambot?

Spambots are automated computer applications capable of sending an enormous number of emails to a large mailing list. Spammers use these spambots for multiple purposes.

Malware can be spread by attaching a virus to a spam email. Spambots are also used to post undignified things in other people's inboxes.

Email spambots are the most common type of spambot, well known for crawling the web and collecting email contacts from many sources such as web posts, chat rooms, newsgroups, discussion forums and customer forums.

In this blog post, we look at how 711 million email addresses were exposed from a spambot server.



A spambot named Onliner Spambot has compromised 711 million email addresses and passwords.

This incident was identified by Benkow, a security researcher. While taking a quick look across the web, he found that text files on the host contained the email server information, login passwords and email addresses that the spammers use to send spam.

Using these credentials, the spammers sent malware spam.

The malware spam is able to bypass spam filters because it is sent through valid email servers.

The spambot tests each entry by connecting to the server to make sure that the details are authentic and that spam can be sent. Accounts that do not work this way are ignored.



Onliner Spambot made use of SMTP (Simple Mail Transfer Protocol) details to deliver its Ursnif malware.

Since 2006, the Ursnif trojan has been affecting users by stealing their usernames and passwords, as well as their bank account information and their debit and credit card details.

In a statement, Benkow said that the Onliner Spambot was using a list of roughly 80 million accounts.



In the files, each line consists of the SMTP server, the email address, the login password and the port used to send the emails.

The spambot delivers a “dropper” file that looks much like a usual email attachment. When it is clicked and opened, it simply downloads malware.

The Onliner Spambot hides a small pixel-sized image in the emails it sends. These emails get through spam filters because the credentials are authentic.



When this email is clicked, the small pixel image loads and sends back the IP address along with user information that identifies the operating system and other details.

The Ursnif malware eases the work of the attackers, who then know whom to target.

This strategy is termed ‘fingerprinting’; it lets the spammers show whether the email campaign was successful or not.
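The pixel-based fingerprinting described above can be checked for on the receiving side. The following is an added example, not code from the original post or from Benkow's research: it scans the HTML parts of a message for remote images that render at 0 or 1 pixel or are hidden by CSS. The names `PixelFinder`, `find_tracking_pixels` and `SAMPLE`, and every host in the sample message, are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Attribute value of 0 or 1 (optionally "px"); CSS width/height of 0 or 1 px.
TINY_ATTR = re.compile(r"^\s*[01](px)?\s*$", re.I)
TINY_CSS = re.compile(r"(?:^|;)\s*(width|height)\s*:\s*[01](?:px)?\s*(?=;|$)", re.I)
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class PixelFinder(HTMLParser):
    """Collects remote <img> sources that render at 0-1 px or are hidden."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # cid:/data: images are embedded; only remote fetches expose the reader.
        if not src.lower().startswith(("http://", "https://", "//")):
            return
        style = a.get("style", "")
        tiny = {d.lower() for d in TINY_CSS.findall(style)}
        tiny |= {d for d in ("width", "height") if TINY_ATTR.match(a.get(d, ""))}
        if tiny == {"width", "height"} or HIDDEN_CSS.search(style):
            self.hits.append(src)

def find_tracking_pixels(raw_message):
    """Return remote pixel URLs found in the HTML parts of a raw message."""
    finder = PixelFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.hits

# Constructed sample message; every address and host is a placeholder.
SAMPLE = (
    "From: billing@example.com\nTo: user@example.org\nSubject: Invoice\n"
    'MIME-Version: 1.0\nContent-Type: text/html; charset="utf-8"\n\n'
    '<html><body><img src="https://cdn.example.com/logo.png" width="200" height="50">\n'
    '<img src="http://track.example.net/o.gif?id=abc123" width="1" height="1">\n'
    '<img src="cid:sig001" width="1" height="1">\n'
    '<img src="https://track.example.net/p.png" style="width:1px;height:1px"></body></html>\n'
)

if __name__ == "__main__":
    print("\n".join(find_tracking_pixels(SAMPLE)))
```

Mail clients and gateways that block remote image loading by default prevent the callback entirely; a scan like this is useful for flagging messages in quarantine or during triage.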



The attachment is a password-protected MS Word file. The email containing this attachment is the initial attack, identified as backdoor.spamdoccryptd.bc, which ends in the theft of data, i.e., the Ursnif malware.

Below is a sample spam email containing a password-protected MS Word file attachment.



Verify Yourself:

If you think that your email address is in the attack list, all you have to do is visit the website. This website stores details of email contacts that have been exposed.



Panic sets in the moment you see your email address listed in the Onliner dump in the results section. Settle down, take a deep breath and spend some time on these simple remedial measures:

  • Change your email passwords immediately.
  • Ensure that you are not using the same password for any other online accounts, especially for banking.
  • Enable 2FA (Two Factor Authentication). Please refer to our other blogs for a detailed look at using 2FA.
  • Always stay alert for any suspicious activity on your bank account, as the attackers will try to secretly access your personal information.

An infographic of the Spambot Invaders illustrating the countries with the most spam-sending bots in the entire world.




