The spam-bot has collected millions of email credentials and server login information in order to send spam through "legitimate" servers, defeating many spam filters.
A huge spam-bot ensnaring 710 million plus email accounts has been uncovered.
A Paris-based security researcher, who goes by the pseudonymous handle Benkow, discovered an open and accessible web server hosted in the Netherlands, which stores dozens of text files containing a huge batch of email addresses, passwords, and email servers used to send spam.
Those credentials are crucial for the spammer's large-scale malware operation to bypass spam filters by sending email through legitimate email servers.
The spammer's Onliner campaign, however, uses a sophisticated setup to bypass those spam filters. To send spam, the attacker needs a huge list of SMTP credentials and those credentials authenticate the spammer in order to send what appears to be legitimate email.
But while spamming is still an effective malware delivery method, email filters are getting smarter and many domains found to have sent spam have been blacklisted.