This article is more than 1 year old

IoT botnet Linux.ProxyM turns its grubby claws to spam rather than DDoS

I don't know which is worse

An IoT botnet is making a nuisance of itself online after becoming a conduit for spam distribution.

Linux.ProxyM has the capability to engage in email spam campaigns with marked difference to other IoT botnets, such as Mirai, that infamously offered a potent platform for running distributed-denial-of-service attacks (DDoSing). Other IoT botnets have been used as proxies to offer online anonymity.

Linux.ProxyM never had DDoS capabilities and was built instead to function as a giant mesh of proxy servers running on smart devices. The botnet first surfaced in February 2017, reaching a size of nearly 10,000 bots by June. The botnet has halved in size since then but this positive development is offset by the addition of new features.

Dr.Web, the Russian antivirus firm that first identified Linux.ProxyM, warns the botnet is now engaged in email spam campaigns. According to Dr.Web's statistics, a device infected with Linux.ProxyM sends on average about 400 emails per day. Campaigns so far have promoted adult hookup sites.

Default login credentials and risible patching practices have created an opportunity for hackers to pwn internet-connected devices ranging from CCTVs cameras, personal video recorders and routers so the abuse of this resource to send junk mail was only a matter of time.

Javvad Malik, security advocate at AlienVault, commented: "This isn't a surprising development. If we look at IoT devices, they are basically running a small Linux PC – this can be used to serve whatever purposes the creator desires as long as it is within the device's capabilities. Due to the difficulty in patching IoT devices, using them for malicious purposes will likely continue to rise." ®

More about


Send us news

Other stories you might like