A malware researcher has discovered a spamming operation spambot that could target more than 711 million email addresses.
The Spambot was first discovered by a Paris-based security expert, Benkow. But was brought to wider attention by the ZDnet news site.
Troy Hunt, head of “Have I Been Pwned” (HIBP), a website where you can see if your email or username has been exposed by a security breach or not, says that this is “largest single set of data” he has ever added to his website.
Hunt wrote in his blog post, “The one I'm writing about today is 711m records which make it the largest single set of data I've ever loaded into HIBP. Just for a sense of scale, that's almost one address for every single man, woman, and child in all of Europe.”
And he tweeted, “Write-up is out! From Onliner Spambot to millions of email's lists and credentials https://t.co/yuBuZTvM3l #HaveIBeenPwnedpic.twitter.com/0AxaJf12YE”
The spambot can bypass spam filters because it uses leaked email addresses. According to Benkow, “thousands of valid SMTP accounts give the spammer a nice range of mail servers to send their messages from. There are many files like this too; another one contained 142k email addresses, passwords, SMTP servers and ports.”