{"id":5671,"date":"2012-01-03T18:44:16","date_gmt":"2012-01-04T01:44:16","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=5671"},"modified":"2018-01-30T12:30:02","modified_gmt":"2018-01-30T19:30:02","slug":"millions-of-harvested-emails-offered-for-sale","status":"publish","type":"post","link":"https://www.webroot.com/blog/2012\/01\/03\/millions-of-harvested-emails-offered-for-sale\/","title":{"rendered":"Millions of harvested emails offered for sale"},"content":{"rendered":"<p>What does it take to be a successful spammer in 2012? Access to a botnet, <strong><a href=\"http:\/\/www.zdnet.com\/blog\/security\/spamming-vendor-launches-managed-spamming-service\/1899\">managed<\/a><\/strong> <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/10\/inside-managed-spam-service.html\">spamming<\/a><\/strong> <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2009\/03\/inside-yet-another-managed-spam-service.html\">appliance<\/a><\/strong>, spam templates that are capable of bypassing spam filters, and most importantly freshly <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/09\/250k-of-harvested-hotmail-emails-go-for.html\">harvested databases<\/a><\/strong> of <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/05\/segmenting-and-localizing-spam.html\">valid emails<\/a><\/strong> from multiple email providers.<\/p>\n<p>Let&#8217;s profile a web-based service currently selling millions of harvested emails to potential spammers, and find out just how easy it is to purchase that kind of data within the cybercrime ecosystem.<\/p>\n<p><!--more--><\/p>\n<p>Like every successful marketer, spammers too, know the basics of <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/05\/segmenting-and-localizing-spam.html\">market segmentation<\/a><\/strong>, and market localization. 
From vendors of <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/02\/localizing-cybercrime-cultural.html\">localization on demand services<\/a><\/strong>, offering spammers the ability to <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/11\/localizing-cybercrime-cultural.html\">translate their messages to the native languages<\/a><\/strong> of their prospective recipients, to vendors of segmented email databases, in 2012 spamming is easy to outsource and manage as a service.<\/p>\n<p>The web-service I&#8217;m going to profile is called Baza-Inform. Basically, it offers potential spammers segmented databases of harvested emails.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/01\/harvested_emails_gmail_hotmail_yahoo3.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter  wp-image-5682\" title=\"Harvested_Emails_Gmail_Hotmail_Yahoo\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/01\/harvested_emails_gmail_hotmail_yahoo3.png\" alt=\"\" width=\"688\" height=\"330\" \/><\/a><\/p>\n<p>Currently, the service has the following inventory of emails:<\/p>\n<ul>\n<li>mail.ru, bk.ru, list.ru, inbox.ru &#8211; 15 970 807<\/li>\n<li>ya.ru, yandex.ru, narod.ru &#8211; 3 091 994<\/li>\n<li>rambler.ru, lenta.ru, ro1.ru &#8211; 1 636 720<\/li>\n<li>qip.ru, pochta.ru, fromru.com &#8211; 1 944 490<\/li>\n<li>nextmail.ru &#8211; 185 987<\/li>\n<li>gmail.com, googlemail.com &#8211; 8 888 053<\/li>\n<li>yahoo.com, yahoo.us &#8211; 36 267 998<\/li>\n<li>hotmail.com &#8211; 28 829 391<\/li>\n<li>aol.com &#8211; 22 356 273<\/li>\n<li>gmx.com, gmx.de &#8211; 12 465 024<\/li>\n<\/ul>\n<p>Just how easy is it to harvest emails? Like in every other market segment within the cybercrime ecosystem, spammers are quick to adapt to emerging trends aiming to prevent the automatic harvesting of emails. 
In 2008, I came across an <strong><a href=\"http:\/\/ddanchev.blogspot.com\/2008\/08\/automatic-email-harvesting-20.html\">email harvester<\/a><\/strong> that&#8217;s capable of harvesting emails in the following formats:<\/p>\n<p>mail@mail.com<\/p>\n<p>mail[at]mail.com<\/p>\n<p>mail[at]mail[dot]com<\/p>\n<p>mail [space]mail [space]com<\/p>\n<p>mail(@)mail.com<\/p>\n<p>mail(a)mail.com<\/p>\n<p>mail AT mail DOT com<\/p>\n<p>Moreover, in 2009 it became evident that <strong><a href=\"http:\/\/www.zdnet.com\/blog\/security\/spammers-harvesting-emails-from-twitter-in-real-time\/3402\">spammers are directly harvesting emails from Twitter users<\/a><\/strong> who share their email details over the micro-blogging service. Clearly, such lists are fairly easy to compile, given the active harvesting on behalf of the spammers. In terms of quality assurance, prospective buyers cannot verify the validity of the database until they purchase it. Once they purchase it, they will use tools such as the\u00a0<strong><a href=\"http:\/\/ddanchev.blogspot.com\/2007\/04\/shots-from-malicious-wild-west-sample.html\">High Speed Verifier<\/a><\/strong> to verify their validity automatically.<\/p>\n<p>Monitoring of the service is ongoing. Details will be published as soon as they update their underground market proposition.<\/p>\n<p><em>You can find more about Dancho Danchev at his <strong><a href=\"http:\/\/nl.linkedin.com\/in\/danchodanchev\">LinkedIn Profile<\/a><\/strong>. You can also <strong><a href=\"http:\/\/www.twitter.com\/danchodanchev\">follow him on \u00a0Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What does it take to be a successful spammer in 2012? Access to a botnet, managed spamming appliance, spam templates that are capable of bypassing spam filters, and most importantly freshly harvested databases of valid emails from multiple email providers. 
Let&#8217;s profile a web-based service currently selling millions of harvested emails to potential spammers, and [&hellip;]<\/p>\n","protected":false},"author":65,"featured_media":17051,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4037,6171,6103,9409,3493,3561,9407,9401,6217,9405,8585,5799,9403,9249,9411,3947,6845,9415,9413,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5671"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=5671"}],"version-history":[{"count":1,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5671\/revisions"}],"predecessor-version":[{"id":19089,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5671\/revisions\/19089"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17051"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=5671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=5671"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=5671"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=5671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}