A French researcher has discovered a huge spam botnet that makes use of a database consisting of a whopping 711 million different email addresses.
Botnet Onliner
The botnet is called Onliner and is being used to spread malware attached to harmful emails. The addresses are mostly used to infect victims with a specialized virus called the Ursnif Banking Trojan. This Trojan variant was specifically designed to retrieve personal data regarding online banking.
Tracking Pixel
Onliner uses the usernames and passwords of around 80 million hacked accounts to spread its malware. These account details were acquired in previous leaks of the LinkedIn and Badoo databases. The 80 million accounts are then used to send the infected emails to the remaining 630 million email addresses, this time with a secret tracking pixel included. As soon as the email is opened, this tracking pixel sends sensitive data back to its administrator in the form of an IP address and user agent information.
Ursnif Banking Trojan
With these details, the administrators of this botnet can decide which victims are the ideal targets for their specific Banking Trojan. This method of preselection is supposed to maximize the effect of the massive botnet. To combat Onliner, the complete list of the 711 million addresses has been included in the Have I Been Pwned database. Sources also state that the botnet is being hosted on a Dutch server. The relevant authorities have been notified of its existence and advised to shut the server down as soon as possible.
Would you like to check your email addresses for the possibility of a security breach? Try www.haveibeenpwned.com to make sure your accounts are safe!