
PHPMailer Abuse to Send Spam Emails
Spam ranks high as a threat vector for organizations. The PHPMailer library has been widely adopted in the criminal underground as a tool to send spam and monitor the health of spam campaigns.
Access to PHPMailer libraries is offered for sale on multiple marketplaces like Olux.io.
What can you buy on Olux.io?
- Stolen and hacked credentials
- Hacked PHPMailer installations
- Lists of email addresses
The size and scope of the marketplace
Distribution of PHPMailer installations from the US, Canada, and France:
- US 88%
- Canada 4%
- France 8%
Number of PHPMailers put up for sale on a daily basis:
- Canada 2 to 20
- France 1 to 32
- US 83 to 581
Olux.io traffic sources:
- Nigeria 29%
- Morocco 23%
- UK 13%
- Taiwan 9.9%
Revenue distribution:
- US 87%
- France 9%
- Canada 4%
PHPMailer pricing:
- Price starts at $2
- Maximum price is $20 for Canada and France, and $30 for the United States
- Average price around $7
Profile of Hacked PHPMailer Installations:
- 59% did not send a test email to validate uptime
- 7% run on live websites
- For sale between 30 and 87 days on average
- Age can exceed 450 days, which calls their operational value into question
How should your organization respond?
- Do not rely solely on the reputation of the SMTP server sending you emails
- Check in with your email filtering provider to better profile suspicious senders
