Over 43 million email addresses have leaked from the command and control server of a spam botnet, a security researcher has told Bleeping Computer today.
The leaky server came to light while a threat intelligence analyst from Vertek Corporation, was looking into a recent malware campaign distributing a version of the Trik trojan, which was later infecting users with a second-stage payload —the GandCrab 3 ransomware.
The Vertek researcher discovered that Trik and GandCrab would download the malicious files that infected users’ systems from an online server located on a Russian IP address.
The researcher told Bleeping Computer that the group behind this operation misconfigured its server and left its content accessible to anyone accessing the IP directly.
On this server, he discovered 2201 text files, labeled sequentially from 1.txt to 2201.txt containing chunks of roughly 20,000 email addresses, each.
The Vertek researcher believes the operators of this server have been using these recipient lists to service other crooks who contracted their services to distribute various malware strains via malspam campaigns.
Server leaks 43,555,741 unique email addresses
“We pulled all of them to validate that they are unique and legitimate,” the researcher told Bleeping Computer earlier today. “Out of 44,020,000 potential addresses, 43,555,741 are unique.”
The researcher is now working with Australian security expert Troy Hunt, the owner of the Have I Been Pwned service, to determine how many of these emails are new and how many have been previously leaked in other data dumps.
“The email addresses are from…