Spammers control armies of hijacked computers and internet accounts to spread malware, phishing software, password-stealing webpages, counterfeit-drug ads and social engineering attacks to potential victims. Every additional infected or hacked account expands the shady business.

Recently a Paris-based security researcher who goes by the online name Benkow discovered that a notorious spambot had amassed as much as 40 GB of data. The program used to send the spam, called Onliner, holds 711 million email addresses and millions of stolen passwords, offering a glimpse of how a vast cybercrime operation spreads through its distribution channels.

As the tech site ZDNet first reported last Tuesday, Benkow located Onliner's command and control server, the machine that orchestrates the spam campaign. In a post on Blogspot, Benkow explained that the server's directory was open, so he was able to download all the data in it.

Benkow then notified another well-known security researcher, Troy Hunt, who uploaded the information to the breach aggregation site haveibeenpwned.com. Visitors to the site can check whether their own email account has been exposed. (Hunt's own account was on the list.)

According to Hunt's analysis, some of the 711 million email addresses under Onliner's control are invalid. He noted that all of the exposed passwords he tested had been stolen from the social network LinkedIn last year. This means spammers are reusing previously leaked data: users who log in to other services with the same credentials as a stolen account, or who carelessly fail to change their password after a breach, are exploited by the spam distributors.

In an email to Fortune, Jim Walter, senior research scientist at antivirus startup Cylance, said: "Data breaches don't end after the public disclosure. Leaked data lives on and can be used, reused, sold and resold by hackers, all of it shady business."

Phil Tully, principal data scientist at social media security startup ZeroFOX, agreed. He noted in an email: "Some users are lazy and use identical or highly similar passwords everywhere, so hackers can easily break into their other social, email, retail or banking accounts, compounding the damage."

A friendly reminder: to keep your online accounts secure, use multi-factor authentication (for example security keys, random-number-generating apps or phone text-message verification, in descending order of security). Generate and store long, complex and unique passwords in a password manager app. You can also visit haveibeenpwned.com to check whether your account has been exposed. (If it has, change your login details as soon as possible.)

"Unfortunately, finding your information in the database doesn't tell you where it leaked from, so you don't know how to guard against it," Hunt wrote on his blog. "I have no idea how the spammers got mine. As a practitioner I handle all kinds of data every day and should understand this better, but after looking into it all I could say was 'ah, so this is how the spam reaches me.'" (Fortune China)

Translator: Pessy  Reviewer: 夏林
Spammers use armies of compromised computers and online accounts to disseminate malware, phishing lures, password-stealing webpages, knockoff drug ads, and social engineering attacks to prospective victims. Every additional infection or hijacked account grows the shady enterprise.

A security researcher based in Paris who goes by the online alias "Benkow" recently stumbled across a treasure trove of data—40 gigabytes worth—related to a notorious spambot, a computer program used to send spam, dubbed "Onliner." The cache contains 711 million email addresses and millions of hacked passwords, and it provides a glimpse inside the distribution channel of a vast cybercriminal operation.

In this case, "Benkow" uncovered the spambot's command and control server, the machine that orchestrates a spam campaign's activity, as ZDNet first reported on Tuesday. The server's directory was open, meaning he was able to download all the data contained therein, as he explained in a post on his personal Google Blogspot website.

Benkow tipped off another well-known security researcher, Troy Hunt, who subsequently uploaded the information to his data breach aggregation site, haveibeenpwned.com. You can visit the site to see whether credentials related to your own email account were included in the dump. (Hunt's were included.)

According to Hunt's analysis, some portion of the 711 million email addresses were malformed, or invalid. He noted that all of the exposed passwords he tested originally leaked in an earlier breach of LinkedIn, meaning that the spammers were reusing data from past breaches—allowing them to take advantage of people who reuse login credentials or neglect to change their passwords after their exposure in security breaches—to fuel their operation.

"Data breaches don’t end after the public disclosure," said Jim Walter, senior research scientist at Cylance, an antivirus startup, in an email to Fortune. "Leaked/breached data can continue to live on and be used, reused, sold, re-sold, etc. for purposes just as described here."

Phil Tully, principal data scientist at ZeroFOX, a social media security startup, concurred. "As users notoriously set identical or highly-similar passwords across different digital channels, attackers are able to use them to pivot to a victim’s other social, email, retail or banking accounts, compounding the initial damage," he said in an email.

Some advice: Secure your online accounts using multi-factor authentication (security keys, random number generating apps, or phone messages, in descending order of security). Generate and store long, complex, unique passwords in password manager apps. And check to see whether you've been compromised in haveibeenpwned.com. (If you have, best to switch up your login credentials.)

"Finding yourself in this data set unfortunately doesn't give you much insight into where your email address was obtained from nor what you can actually do about it," wrote Hunt in a blog post on his website. "I have no idea how this service got mine, but even for me with all the data I see doing what I do, there was still a moment where I went 'ah, this helps explain all the spam I get.'"