An unprotected server hosted in the Netherlands has led to a massive data leak of historic proportions. Discovered by a France-based security researcher known as Benkow, the exposed information includes 711 million email accounts.
Credentials for these accounts are fed into a spambot known as “Onliner,” which delivers Ursnif banking malware to email inboxes across the globe. Because the spam is sent through the legitimate SMTP servers of the captured email accounts, it is able to bypass spam filters.
The credentials have been pulled from other data breaches like the LinkedIn hack in 2012. Each stolen account includes the email address and password, and the SMTP server and port used to send the email. Once the accounts have been tested, the spam campaign begins.
Embedded with hidden pixel-sized images, the emails find their way to their targets. Once an email is opened, the pixel image relays the recipient's IP address and information that identifies the type of computer, operating system, and device. That information helps the cyber criminal know which targets will be vulnerable to the Ursnif malware.
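On the receiving side, a mail gateway or analyst can flag the hidden-pixel beacons described above before a message is rendered. The Python sketch below is an added example, not part of the original story; the sample message, hostnames and function names are constructed, and the heuristic (a remote image that is at most 1 pixel in either dimension or hidden by inline style) is an assumption about what such a beacon looks like.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not from the Onliner campaign); hosts are placeholders.
SAMPLE_EML = """\
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.example.com/logo.png" width="200" height="60">
<img src="http://track.example.net/o.gif?id=12345" width="1" height="1">
<img src="https://track.example.net/p.png" style="display: none">
<img src="cid:inline-logo" width="1" height="1">
</body></html>
"""

def _leading_int(value):
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class _PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # Only remote images cause a request; cid: and data: are local.
        if not src.lower().startswith(("http://", "https://", "//")):
            return
        w, h = _leading_int(a.get("width")), _leading_int(a.get("height"))
        tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.hits.append(src)

def find_tracking_pixels(raw_message):
    # Walk every MIME part and scan the HTML bodies for beacon-like images.
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = _PixelFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits
```

Mail clients that do not load remote images by default never make the request, so the beacon reports nothing even when a message like this is opened.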