Internet Security

We found a massive spam operation — and sunk its server


For ten days in March, millions were caught in the same massive spam campaign.

Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.

The emails were so convincing that more than 100,000 people clicked through.

We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.

Security researcher Bob Diachenko found the leaking data and, with help from TechCrunch, analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved on to another server — probably in an effort to avoid getting blacklisted by anti-spam providers. But the server was primed to start spamming again.

Given there were more than three million unique exposed credentials sitting on this spammer’s server — hosted on intelimost.com, we wanted to secure the data as soon as possible. With no contact information for the spammer — surprise, surprise — we asked the hosting provider, Awknet, to pull the server offline. Within a few hours of making contact, the provider nullrouted the server, forcing all its network traffic into a sinkhole.

TechCrunch provided a copy of the database to Troy Hunt. Anyone can now check breach notification site Have I Been Pwned to see if their email was misused.

But the dormant server — while it was still active — offered a rare opportunity to understand how a spam operation works.

The one thing we didn’t have was the spam email itself. We reached out to dozens of people to ask about the email they received. Two replied — but only one still had a copy of the email.

The email sent by the spammer. (Image: supplied)

“The same mail appeared on three occasions,” said one of the recipients in an email to TechCrunch. “The subject was related to an email I had sent previously

