ROUNDTABLE: The significance of the ‘Onliner’ spambot leaking 711 million emails

By Byron V. Acohido

A spambot, referred to as Onliner, has been discovered delivering a malicious banking Trojan. What’s worse, the spammers behind Onliner inadvertently exposed some 711 million email addresses held in their possession.

Some context is needed to grasp the significance of this. Consider that spambots have been around for a long time. For the most part, garden-variety spambots are a huge nuisance, designed to carry out a two-stage mission. First, a spambot crawls the internet seeking out email addresses from websites, news group postings and chat-room conversations, and from this crawling activity it compiles a gargantuan mailing list. Next, a spambot blasts out email pitches for all manner of sketchy products and services.


Onliner happens to be an especially pernicious spambot. It is designed to bypass many types of spam filters, and it delivers messages carrying malicious attachments dressed up as invoices from government bodies, hotel reservation details, and DHL notifications. Opening one of these attachments installs the Ursnif banking Trojan, which very swiftly steals account logons, credit card details, and other personal information.
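The delivery pattern just described (a themed lure subject plus an attachment that can run code) is something a mail gateway can triage before a recipient ever opens it. The following Python is an added example written for this article, not code from the article or from any vendor quoted in it; the messages it inspects are constructed samples, and the extension list and lure keywords are illustrative assumptions that a real deployment would keep in gateway policy.

```python
"""Attachment-lure triage for inbound mail (constructed example)."""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment types that can execute code or wrap an executable. This list is
# an assumption for the example; a real gateway keeps it in policy, not code.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".jar",
    ".zip", ".rar", ".7z", ".docm", ".xlsm", ".pptm",
}
# Lure themes taken from the article's description of the Onliner messages.
LURE_KEYWORDS = {"invoice", "reservation", "booking", "dhl", "shipment", "delivery"}


def attachment_names(msg):
    """Return the filename of every part carried as an attachment."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and part.get_content_disposition() == "attachment":
            names.append(name)
    return names


def risky_extensions(filename):
    """Return the risky suffixes in a filename. 'invoice.pdf.js' is caught by
    its final suffix even though a file browser may display it as a PDF."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    return [s for s in suffixes if s in RISKY_EXTENSIONS]


def triage(raw_message: bytes) -> dict:
    """Classify one raw RFC 5322 message as deliver / review / quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", "") or "")
    names = attachment_names(msg)
    lure = any(k in subject.lower() for k in LURE_KEYWORDS)
    risky = {n: risky_extensions(n) for n in names if risky_extensions(n)}
    if risky and lure:
        verdict = "quarantine"   # themed lure + code-capable attachment
    elif risky:
        verdict = "review"       # risky attachment without a lure theme
    else:
        verdict = "deliver"
    return {"subject": subject, "attachments": names, "lure_theme": lure,
            "risky": risky, "verdict": verdict}


def build_sample(subject, filename, content_type):
    """Construct a sample message (not a real spam sample) for testing."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    maintype, subtype = content_type.split("/", 1)
    msg.add_attachment(b"not a real payload", maintype=maintype,
                       subtype=subtype, filename=filename)
    return msg.as_bytes()


# Constructed samples mirroring the three lure themes the article names,
# plus two controls: a benign PDF and an archive with no lure theme.
SAMPLES = {
    "invoice": build_sample("Invoice from the tax office",
                            "invoice_2017.pdf.js", "application/octet-stream"),
    "hotel": build_sample("Your hotel reservation details",
                          "reservation.zip", "application/zip"),
    "dhl": build_sample("DHL shipment notification", "DHL_notice.docm",
                        "application/vnd.ms-word.document.macroEnabled.12"),
    "benign": build_sample("Minutes from Tuesday's meeting",
                           "minutes.pdf", "application/pdf"),
    "unthemed": build_sample("Photos", "photos.zip", "application/zip"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        result = triage(raw)
        print(f"{label:9} {result['verdict']:10} {result['attachments']}")
```

The check deliberately scores two weak signals together: a lure theme alone is common in legitimate mail, and an archive alone is common in legitimate mail, but the combination is the shape of the campaign the article describes, so only that combination goes straight to quarantine while the rest is routed for review or delivered.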

It turns out that the spammers operating Onliner neglected to lock down one of their servers, allowing anyone to see and download a master mailing list of 711 million email addresses. Allegedly, other spammers used this information to send large amounts of spam through legitimate email accounts, thus bypassing spam filters.

LastWatchdog convened a roundtable of cybersecurity experts to discuss Onliner’s wider ramifications. Here are their comments, edited for clarity and length.


Jonathan Sander, chief technology officer, STEALTHbits Technologies

“Perhaps the scariest part of this massive leak is seeing how much data the bad guys have and how little they are doing to protect it. Some may think the bad guys have no motivation to protect our data, but they do. The amount and how well enriched their data set is becomes their competitive advantage in a crowded black market. Just like people using Google more than other search engines because of their huge reach, the black market has brands that stake their reputation on having the biggest database of quality, stolen data. To see that even with such financial motivation they are failing to secure their ill-gotten goods is disheartening.”


John Suit, chief technical officer, Trivalent

“Revelations like this continue to be a wake-up call to organizations everywhere. Even with regular employee training, it only takes one employee opening a bad email to put an entire enterprise’s data at risk of malware, ransomware and other threats. The only way to completely circumvent hacker threats like this is by approaching data protection proactively, rather than reactively, protecting enterprise data at the file level. By taking this defense-in-depth approach, spammers can never succeed in gaining access to actual company files.”


James Romer, chief security architect, SecureAuth

“Despite increasingly complex password use, data breaches continue to soar. Ultimately, we need to ditch the password completely. Removing the ‘human knowledge’ element from the authentication process improves security and improves the user experience. Going passwordless and using multifactor authentication methods like fingerprint or behavioral biometrics is a huge step forward in negating attempts to gain access using compromised credentials.”


Christian Lees, chief technology officer, InfoArmor

“Threat actors continue to expand their methods to potentially mainstream or expand their revenue streams. Continuous large data disclosures of this type, with potentially unverifiable data sources and targets, increase alert fatigue for security professionals. Also, this is another reminder that threat actors also live by the dual-edge sword of security.”


Giovanni Verhaeghe, director product & market strategy, VASCO Data Security

“As users now demand a seamless experience across channels, organizations have the added responsibility of making sure that information is secure across these channels. The more user-friendly the system is, the more it needs security. This security can be transparent for sure, but if it doesn’t protect users and their data, it could be leaving the door open for malicious and crippling attacks . . . The burden of responsibility lies heavily on organizations, and how much they invest in securing the information users share with them will make a huge difference to user confidence.”

More stories related to spambots and other email-related breaches:
Most businesses unprepared for email-based attacks
Anatomy of an attack: Duping investors using WhatsApp ruse
Major security threats lurk in your inbox

This article originally appeared on
