An IoT botnet has set its hooks in about 4,500 – 5,000 proxy devices to send spam emails, with each device capable of sending 400 messages, for a total of 1.8 million messages per day.
Linux.ProxyM first appeared in February 2017 and peaked at 10,000 bots by July 2017 before dwindling in size. The botnet was purpose-built to function as a giant mesh of proxy servers running on smart devices but was retooled to send spam emails as well, Bleeping Computer researchers said in a 22 September blog post.
The botnet infects devices by taking over IoT equipment still using default credentials. Although the botnet sends out 1.8 million messages per day, researchers said the number is kept relatively low to avoid having the infected devices added to Simple Mail Transfer Protocol (SMTP) spam blacklists.
This isn't a surprising development, AlienVault Security Advocate Javvad Malik told SC Media. “If we look at IoT devices, they are basically running a small Linux PC – this can be used to serve whatever purposes the creator desires as long as it is within the devices' capabilities,” Malik said. “Due to the difficulty in patching IoT devices, using them for malicious purposes will likely continue to rise.”
The botnet is currently being used to distribute adult-themed spam mail. Researchers said the malware evolved in May and June and now comes in two different build versions.