“A huge spambot ensnaring 711 million email accounts has been uncovered,” Zack Whittaker reports for ZDNet. “A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam. Those credentials are crucial for the spammer’s large-scale malware operation to bypass spam filters by sending email through legitimate email servers.”

“The spambot, dubbed ‘Onliner,’ is used to deliver the Ursnif banking malware into inboxes all over the world. To date, it’s resulted in more than 100,000 unique infections across the world, Benkow told ZDNet,” Whittaker reports. “Troy Hunt, who runs breach notification site Have I Been Pwned, said it was a ‘mind-boggling amount of data.’ Hunt, who analyzed the data and details his findings in a blog post, called it the ‘largest’ batch of data to enter the breach notification site in its history.”

“These emails appear innocuous enough, but they contain a hidden pixel-sized image. When the email is open, the pixel image sends back the IP address and user-agent information, used to identify the type of computer, operating system, and other device information,” Whittaker reports. “That helps the attacker know who to target with the Ursnif malware, by specifically targeting Windows computers, rather than sending malicious files to iPhone or Android users, which aren’t affected by the malware.”

Read more in the full article here.
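
The hidden pixel-sized image described in the ZDNet excerpt above can be spotted in a message's HTML body before the message is rendered. The following is an added example, not code from ZDNet, Benkow or Troy Hunt; the sample HTML and hostnames are constructed, and the heuristic (a remote image that is 1×1 or hidden by style) is an assumption about how such beacons are usually embedded.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; not taken from the Onliner campaign.
SAMPLE_HTML = """
<html><body><p>Your invoice is attached.</p>
<img src="https://cdn.example.com/logo.png" width="200" height="60">
<img src="http://tracker.example.net/o.gif?id=abc123" width="1" height="1">
<img src="https://tracker.example.net/p.png" style="display:none">
<img src="cid:inline-logo" width="1" height="1">
</body></html>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _px(value):
    """Parse '1' or '1px' into an int; return None for anything else."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

class PixelFinder(HTMLParser):
    """Collects remote <img> tags that are invisible to the reader."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Only remote images trigger a request that exposes the reader's IP
        # address and User-Agent; cid: and data: images travel in the message.
        if urlparse(src).scheme not in ("http", "https"):
            return
        w, h = _px(a.get("width")), _px(a.get("height"))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        hidden = bool(HIDDEN_STYLE.search(a.get("style", "")))
        if tiny or hidden:
            self.hits.append((src, "tiny" if tiny else "hidden"))

def find_tracking_pixels(html):
    """Return a list of (src, reason) for suspected beacon images."""
    finder = PixelFinder()
    finder.feed(html)
    finder.close()
    return finder.hits
```

A mail client or gateway that blocks remote images by default prevents the request from being made at all, so the sender never receives the IP address or user-agent.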

“Just for a sense of scale, that’s almost one address for every single man, woman and child in all of Europe,” Troy Hunt blogs. “Email addresses, passwords and SMTP servers and ports spread across tens of gigabytes of files. It took HIBP 110 data breaches over a period of 2 and a half years to accumulate 711m addresses and here we go, in one fell swoop, with that many concentrated in a single location. It’s a mind-boggling amount of data.”

Read more in the full article here.

MacDailyNews Take: Macintosh unaffected. Yes, The Microsoft Tax is in full effect once again!

Regardless, this is yet another good reminder to employ strong, unique passwords for every service and use multi-step verification wherever possible.

Mac users can use Apple’s Keychain Access and iCloud Keychain to create and manage them. For those of us who are smartly all-Apple, it works like a dream.