Windows users have been warned as a new spambot has found a way to bypass spam filters and infect computers with malware.

This spam mail can steal passwords, credit card details, and other personal information by tricking users into opening an attachment which causes the malware to download, thus infecting the computer.

The spambot has so far affected 711 million email addresses worldwide and collected millions of credentials from different emails by sending spam mails to various inboxes through legitimate servers.

The spambot, dubbed “Onliner”, is being used to deliver the "Ursnif" banking malware to inboxes all over the world. It has already caused more than 100,000 unique infections, according to a blog post by Paris-based researcher Benkow.

A spambot is a computer program designed to assist in sending spam. Spambots function by creating accounts and sending spam messages automatically.

The web server of the spambot, based somewhere in the Netherlands, has stored dozens of text files containing a huge batch of email addresses and passwords, and accessed email servers to send spam.



Troy Hunt, who runs the breach notification website Have I Been Pwned, said it was a “mind-boggling” amount of data, adding in a tweet that a total of 711,477,622 email addresses had been breached up to that point. In a blog post, he also added that this was the “largest” batch of data to enter the breach notification site in its history.

It took an expert like Hunt months to dig into the Ursnif malware, a data-stealing Trojan that grabs personal information such as login details, passwords and credit card data once it lands on the website, according to technical staff at Palo Alto Networks' Research Center.

How can you get infected

Once your email address is caught in the spammer’s filter, a legitimate-looking email is sent to you with an attachment which, once clicked, automatically starts downloading the malware from an external server and infects your system.

How to avoid getting spammed

Security measures like multi-factor authentication (security keys, random-number-generating apps or phone messages in addition to passwords), which Google already offers, and complex passwords generated with the help of a password manager (both free and paid versions are available) to manage passwords across devices can be used to secure your online accounts.

In order to send spam, the spammer needs access to SMTP (Simple Mail Transfer Protocol) credentials, which authenticate them to send the spam mails.



"The more SMTP servers he can find, the more he can distribute the campaign," Benkow wrote about the spammer.

These SMTP credentials are scraped by the spambots from data breaches (such as LinkedIn and Badoo hacks) and from other unknown sources.

The Ursnif malware only works on Windows computers.

If you want to find out whether your address has been affected, you can search for it on Have I Been Pwned.

While more than 700 million email addresses were found to have been breached by the spambot, the actual number of people affected may be lower.