
An Analysis of 3,000 Malware Email Addresses

posted on December 7, 2017
by l33tdawg

While analyzing malware 24/7, we decided to continue our collection of email addresses found in malicious code. With the help of SiteLock's Sig Q Team, we tripled our existing collection of malware email addresses to over 3,000. Looking at the data, we get to see the preferred email providers of phishers, keywords in malicious email addresses, and the spoofed From: addresses used by bad actors. Finally, we capitalized on a test address and an unregistered domain to get a look inside the end of the phishing process.

The full list of 3,060 email addresses is on GitHub and can be used as indicators of compromise, particularly for website security. The list mainly consists of phishing addresses, with addresses from web shells, defacements, and other miscellaneous files rounding out the 3,000.
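
One way to use such a list as indicators of compromise on a web server, shown as an added example that is not from the original article: scan script files under a web root for any listed address. The one-address-per-line list layout, the file suffixes, the function names and the extra check for base64-encoded addresses are assumptions of this example.

```python
import base64, binascii, re, tempfile
from pathlib import Path

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # candidate base64 string literals

def refang(addr):
    """Turn a defanged indicator (user@host[.]com) back into a matchable address."""
    return addr.strip().replace("[.]", ".").replace("[@]", "@").lower()

def load_iocs(lines):
    """One address per line; blank lines and # comments are skipped (assumed layout)."""
    return {refang(l) for l in lines if l.strip() and not l.lstrip().startswith("#")}

def extract_emails(text):
    """Addresses in plain text plus any hidden inside base64 string literals."""
    found = {m.lower() for m in EMAIL_RE.findall(text)}
    for blob in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue  # not valid base64, so nothing to inspect
        found |= {m.lower() for m in EMAIL_RE.findall(decoded)}
    return found

def scan_tree(root, iocs, suffixes=(".php", ".phtml", ".inc")):
    """Return {file path: sorted matching addresses} for script files under root."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            matched = extract_emails(path.read_text(errors="ignore")) & iocs
            if matched:
                hits[str(path)] = sorted(matched)
    return hits

if __name__ == "__main__":
    # Constructed sample data: the one address quoted in the article plus a made-up one.
    iocs = load_iocs(["# sample list", "hopful101@zoho[.]com", "drop.box@example[.]net"])
    live = refang("hopful101@zoho[.]com")
    with tempfile.TemporaryDirectory() as web_root:
        Path(web_root, "contact.php").write_text('<?php $admin = "webmaster@example.org";')
        Path(web_root, "post.php").write_text(f'<?php $to = "{live}";')
        encoded = base64.b64encode(live.encode()).decode()
        Path(web_root, "x.inc").write_text(f'<?php $r = base64_decode("{encoded}");')
        for path, addrs in scan_tree(web_root, iocs).items():
            print(path, addrs)
```

A hit means the file deserves manual review; a clean scan does not prove a site is uninfected, since addresses can be obfuscated in ways this check does not decode.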

The majority of email addresses were collected from phishing infections -- disposable email addresses used to receive pilfered credentials. Below is an example of a phishing infection. It's a PHP file written or uploaded to a site that collects and sends unwary victims' email addresses and passwords to the malicious actor's email address, hopful101@zoho[.]com.
