Millions of harvested emails offered for sale

by

Share this news now.

What does it take to be a successful spammer in 2012? Access to a botnet, managed spamming appliance, spam templates that are capable of bypassing spam filters, and most importantly freshly harvested databases of valid emails from multiple email providers.

Let’s profile a web-based service currently selling millions of harvested emails to potential spammers, and find out just how easy it is to purchase that kind of data within the cybercrime ecosystem.

Like every successful marketer, spammers too, know the basics of market segmentation, and market localization. From vendors of localization on demand services, offering spammers to ability to  translate their messages to the native languages of their prospective recipients, to vendors of segmented email databases, in 2012 spamming is easy to outsource and manage as a service.

The web-service I’m going to profile is called Baza-Inform. Basically, it offers potential spammers segmented databases of harvested emails.

Currently, the service has the following inventory of emails:

  • mail.ru, bk.ru, list.ru, inbox.ru – 15 970 807
  • ya.ru, yandex.ru, narod.ru – 3 091 994
  • rambler.ru, lenta.ru, ro1.ru – 1 636 720
  • qip.ru, pochta.ru, fromru.com – 1 944 490
  • nextmail.ru – 185 987
  • gmail.com, googlemail.com – 8 888 053
  • yahoo.com, yahoo.us – 36 267 998
  • hotmail.com – 28 829 391
  • aol.com – 22 356 273
  • gmx.com, gmx.de – 12 465 024

Just how easy is it to harvest emails? Like in every other market segment within the cybercrime ecosystem, spammers are quick to adapt to emerging trends aiming to prevent the automatic harvesting of emails. In 2008, I came across an email harvester that’s capable of harvesting emails in the following formats:

mail@mail.com

mail[at]mail.com

mail[at]mail[dot]com

mail [space]mail [space]com

mail(@)mail.com

mail(a)mail.com

mail AT mail DOT com

Moreover, in 2009 it became evident that spammers are directly harvesting emails from Twitter users who share their email details over the micro-blogging service. Clearly, such lists are fairly easy to compile, given the active harvesting on behalf of the spammers. In terms of quality assurance, prospective buyers cannot verify the validity of the database until they purchase it. Once they purchase it, they will use tools such as the High Speed Verifier to verify their validity automatically.

Monitoring of the service is ongoing. Details will be published as soon as they update their underground market proposition.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.


Share this news now.

Tags:



About the Author

Name: Dancho Danchev
Role: Retired ThreatBlog Member

Share this news now.

Dancho Danchev is an internationally recognized security blogger, cybercrime researcher, and a public speaker.  He’s been an active security blogger since 2006, maintaining a popular security blog, where he shares detailed analyses of tactics, techniques, and procedures (TTP) of malicious and fraudulent adversaries.

You can find out more about Dancho’s expertise and experience at his LinkedIn Profile, or at Wikipedia.

You can alsofollow him on  TwitterGoogle+ or Facebook.


Share this news now.

Trackbacks

  1. [...] Moreover, the bot is capable of killing antivirus software on Windows XP, 2003 and 2000, next to harvesting email addresses from the infected PC, and then spamming [...]

  2. [...] monitor and record calls via Siri.If this all sounds a little paranoid to you, don’t forget there is a massive market out there for illicit access to our emails, contacts, phone numbers and other private data. Some [...]

  3. [...] ※この記事は1月3日に更新された英語版の参考和訳です。 [...]

  4. [...] ecosystem. With thousands of malware-infected hosts ready to spamvertise billions of emails, fresh databases of harvested emails, next to the fact that end and corporate users continue clicking on links found in spam emails, [...]

  5. [...] the underground service offering millions of harvested emails for sale profiled at the Webroot Threat Blog in [...]

  6. [...] month, Webroot profiled an underground web service that continue selling millions of already harvested email addresses, next to another service, selling exclusive access to U.S Government and U.S Military email [...]

  7. [...] needed to become a spammer, starting for a managed spam appliance, DIY email harvesters, and millions of harvested emails, are available for sale within the cybercrime ecosystem. Despite the numerous [...]

  8. [...] continue launching new DIY cybercrime-friendly e-shops offering access to compromised accounts, harvested email databases, and accounts that have been purchased using stolen credit card data,  in an attempt to diversify [...]

  9. [...] the following posts to get the “big picture” on how the spam ecosystem really works - Millions of harvested emails offered for sale; Millions of harvested U.S government and U.S military email addresses offered for sale; New DIY [...]