The researcher, who goes by the handle Benkow, tells ZDNet that the malicious server is a known spambot named Onliner and is based in the Netherlands. The server contains email account passwords and Simple Mail Transfer Protocol server credentials (SMTP is an internet protocol used to send email) that help its malicious emails bypass spam filters in victim's inboxes.
Troy Hunt, who runs a database of compromised email accounts called Have I Been Pwned, told ZDNet that the collection contains a "mind-boggling amount of data" and is the "largest" collection to enter his database. (The second-to-largest batch was 393 million.)
Benkow tells ZDNet that the spambot is known for sending the Ursnif banking virus to Windows computers. Ursif malware steals people's banking login information through phishing emails disguised as invoices, hotel bills, or other innocuous emails. The virus has infected 100,000 machines, Benkow says.