IoT Botnet Retooled to Send Email Spam

The ability to relay web traffic by installing a proxy server on infected devices is a favorite


It has become the norm that when someone says "IoT botnet", most security aficionados think of DDoS attacks.

While most IoT botnets are, in fact, used for DDoS attacks, in recent months quite a few of the IoT malware strains used to assemble these botnets have added features besides DDoS functions. The favorite among these is the ability to relay web traffic by installing a proxy server on infected devices.

One such botnet is the one built using the Linux.ProxyM malware. Unlike its brethren, this botnet never had DDoS capabilities and was purpose-built from the beginning to function as a giant mesh of proxy servers running on smart devices.

Linux.ProxyM appeared in February 2017, and by June 2017 it had reached a size of nearly 10,000 bots. While the botnet's size has since gone down to 4,500-5,000 devices, it has gained a new feature.

According to security researchers from Russian antivirus maker Dr.Web, the company that first identified Linux.ProxyM, the botnet is now engaged in email spam campaigns.

Cesare Garlati, chief security strategist at the prpl Foundation, said: "Targeting IoT devices has become the go-to option for attackers due to the lack of security housed within them. Attackers are developing new ways to target the general public and this email spam technique is evidence of this.

"Until developers start to implement security at the hardware stage of manufacturing, these devices will continue to be exploited. The prpl Foundation promotes the mindset “if it’s not secure, it doesn’t work.” The industry needs to adopt this attitude, otherwise the consequences could become severe."

