
Linux IoT botnet retooled to send spam email

An IoT botnet has set its hooks in about 4,500 – 5,000 proxy devices to send spam emails, with each device capable of sending 400 messages, for a total of 1.8 million messages per day.

Linux.ProxyM first appeared in February 2017 and had peaked at 10,000 bots by July 2017 before dwindling in size. The botnet was purpose-built to function as a giant mesh of proxy servers running on smart devices but was retooled to send spam emails as well, Bleeping Computer researchers said in a Sept. 22 blog post.

The botnet infects devices by taking over IoT equipment still using default credentials. Although the botnet sends out 1.8 million messages per day, researchers said the number is relatively low to avoid having Simple Mail Transfer Protocol (SMTP) added to spam blacklists.

This isn't a surprising development, AlienVault Security Advocate Javvad Malik told SC Media.

“If we look at IoT devices, they are basically running a small Linux PC – this can be used to serve whatever purposes the creator desires as long as it is within the device's capabilities,” Malik said. “Due to the difficulty in patching IoT devices, using them for malicious purposes will likely continue to rise.”

Currently, the botnet is being used to distribute adult-themed spam mail. Researchers said the malware evolved in May and June and is currently sporting two different build versions, and able to target IoT devices running on various
