Your Email Might Be Among the 43 Million Addresses Leaked by Trik Spam Botnet
The chances of finding your email in a malicious spam hit list are high. More than 43 million emails have leaked from a server of a spam botnet called Trik Spam, reported Bleeping Computer. Cybersecurity researchers found the leak while investigating the origins of mass distribution of a version of the Trik Trojan. The malicious software is a typical malware downloader used as a first stage for infecting users with GandCrab ransomware. The ransomware is known to lock the systems and change the wallpapers of the infected devices. The Trik Trojan itself also acts as an assembler having the ability to trick systems into joining the botnet.
The vast amount of emails was found on a misconfigured server operated by the hackers behind the botnet. Everyone with the IP address of the server located in Russia has been able to explore the sensitive data sitting on the Command and Control Server’s files. Currently, there is no evidence that the Trik Spam data contained the password of the leaked emails. The Trik Spam botnet has been around for more than ten years. The server is now offline.
The hackers behind the botnet have been renting it out to cybercriminals for years. Trik Spam is indeed not one of the most sophisticated recipient list databases, nor it is very complicated. And this is not the first time hackers misconfigure servers of spam botnets exposing the emails of millions of users. Panda Security reminds you that last summer, a total of 711 million unique email addresses were dumped by an online spambot called Onliner Spambot. The huge email database also contained the corresponding passwords of some of the emails.
What to do if your email is among the 43 million addresses leaked by the botnet?
Don’t panic, but be aware that the chances of you receiving malicious emails are high. Being a target of malspam campaigns is not the end of the world. People sometimes think that such data breaches are endless, and they are right. However, there is no need to give up on the internet. Practicing common sense and using antivirus tools can protect you from becoming a victim. Also, finding out if you have been affected is relatively easy too – the data from the Trik Spam leak is now searchable on Have I been Pwned.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
