
Too Much Spam: Does the Problem Lie With Us?

Robert Hackett
2017-09-05

If your inbox is stuffed with spam, it is no accident.



Translator: Pessy

Reviewer: Xia Lin

Spammers use armies of compromised computers and online accounts to disseminate malware, phishing lures, password-stealing webpages, knockoff drug ads, and social engineering attacks to prospective victims. Every additional infection or hijacked account grows the shady enterprise.

A security researcher based in Paris who goes by the online alias "Benkow" recently stumbled across a treasure trove of data—40 gigabytes worth—related to a notorious spambot, a computer program used to send spam, dubbed "Onliner." The cache contains 711 million email addresses and millions of hacked passwords, and it provides a glimpse inside the distribution channel of a vast cybercriminal operation.

In this case, "Benkow" uncovered the spambot's command and control server, the machine that orchestrates a spam campaign's activity, as ZDNet first reported on Tuesday. The server's directory was open, meaning he was able to download all the data therein contained, as he explained in a post on his personal Google Blogspot website.

Benkow tipped off another well-known security researcher, Troy Hunt, who subsequently uploaded the information to his data breach aggregation site, haveibeenpwned.com. You can visit the site to see whether credentials related to your own email account were included in the dump. (Hunt's were included.)

According to Hunt's analysis, some portion of the 711 million email addresses were malformed, or invalid. He noted that all of the exposed passwords he tested originally leaked in an earlier breach of LinkedIn, meaning that the spammers were reusing data from past breaches—allowing them to take advantage of people who reuse login credentials or neglect to change their passwords after their exposure in security breaches—to fuel their operation.

"Data breaches don’t end after the public disclosure," said Jim Walter, senior research scientist at Cylance, an antivirus startup, in an email to Fortune. "Leaked/breached data can continue to live on and be used, reused, sold, re-sold, etc. for purposes just as described here."

Phil Tully, principal data scientist at ZeroFOX, a social media security startup, concurred. "As users notoriously set identical or highly-similar passwords across different digital channels, attackers are able to use them to pivot to a victim’s other social, email, retail or banking accounts, compounding the initial damage," he said in an email.

Some advice: Secure your online accounts using multi-factor authentication (security keys, random number generating apps, or phone messages, in descending order of security). Generate and store long, complex, unique passwords in password manager apps. And check to see whether you've been compromised in haveibeenpwned.com. (If you have, best to switch up your login credentials.)

"Finding yourself in this data set unfortunately doesn't give you much insight into where your email address was obtained from nor what you can actually do about it," wrote Hunt in a blog post on his website. "I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went 'ah, this helps explain all the spam I get.'"
