Why Email Addresses?

When the SiteLock support teams clean malware from websites, it’s not unusual to find email addresses somewhere in the injected code.  So the research team decided to dig into some of those  malware email addresses to see what we could learn.

With the help of the SECCON (security concierge) and Expert Services teams, we gathered over 1,000 email addresses in short order. We hoped to see potential patterns such as highly used email providers and learn how the addresses were used, with the added benefit of providing a list of strings to detect malware.

Where Malware Email Addresses Can Be Found

The list of 1,012 email addresses consists mostly of phishing repositories, with some shell install and login notifications, ego addresses, and a few spoofed “From” addresses from phishing files. The full list of malware email addresses is found at WSTNPHX’s GitHub page.

Read More