Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings
New research conducted by Russian security firm Doctor Web has revealed that a Linux Trojan, dubbed Linux.ProxyM that cybercriminals use to ensure their online anonymity has recently been updated to add mas spam sending capabilities to earn money
The Linux.ProxyM Linux Trojan, initially discovered by the security firm in February this year, runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots in order to hide from malware researchers
Linux.ProxyM can operate on almost all Linux device, including routers, set-top boxes, and other equipment having the following architectures: x86, MIPS, PowerPC, MIPSEL, ARM, Motorola 68000, Superh and SPARC
Here's How this Linux Trojan Works
Once infected with Linux.ProxyM, the device connects to a command and control (C&C) server and downloads the addresses of two Internet nodes
- The first provides a list of logins and passwords
- The second one is needed for the SOCKS proxy server to operate
The C&C server also sends a command containing an SMTP server address, the credentials used to access it, a list of email addresses, and a message template, which contains advertising for various adult-content sites
A typical email sent using devices infected with this Trojan contains a message that reads
Subject: Kendra asked if you like hipster girls
A new girl is waiting to meet you.
And she is a hottie!
Go here to see if you want to date this hottie
(Copy and paste the link to your browser)
http://whi*******today.com/
Check out sexy dating profiles
There are a LOT of hotties waiting to meet you if we are being honest
On an average, each infected device sends out 400 of such emails per day
Although the total number of devices infected with this Trojan is unknown, Doctor Web analysts believe the number changed over the months
According to the Linux.ProxyM attacks launched during the past 30 days, the majority of infected devices is located in Brazil and the US, followed by Russia, India, Mexico, Italy, Turkey, Poland, France and Argentina
We can presume that the range of functions implemented by Linux Trojans will be expanded in the future," Dr Web researchers say
The Internet of things has long been a focal point for cybercriminals. The wide distribution of malicious Linux programs capable of infecting devices possessing various hardware architectures serves as proof of that
04day is AN formidable multimedia system effort supported in 2011 to look at however technology can modification life within the future for an enormous thought audience.
Our original editorial insight was that technology had migrated from the so much fringes of the culture to absolutely the center as mobile technology created a replacement generation of digital shoppers. Now, we tend to board a stunning world of screens that has ushered in revolutions in media, transportation, and science. The longer term is incoming quicker than ever.
04day is that the go-to supply for school, digital culture and diversion content for its dedicated and cogent audience around the globe
No comments:
Post a Comment