IoT Botnet Retooled to Send Email Spam

LASER_oneXM

It has become the norm that when someone says "IoT botnet" most security aficionados think of DDoS attacks.
While most IoT botnets are, in fact, used for DDoS attacks, in recent months, quite a few IoT malware strains that are usually used to assemble these botnets have added other features besides DDoS functions.
The favorite among these is the ability to relay web traffic by installing a SOCKS proxy server on infected devices.

Each IoT device capable of sending 400 messages/day
Dr.Web says that right now, Linux.ProxyM is behind a wave of adult-themed spam messages. Researchers say that a device infected with Linux.ProxyM sends on average about 400 emails per day. Multiplied by 4,500 bots, that's around 1.8 million messages per day.

The number is low, but this is most likely to avoid having SMTP servers added to spam blacklists. Originally, Linux.ProxyM was used to relay web traffic, a feature that it can still perform.

Compared to earlier versions of Linux.ProxyM that researchers saw in May and June, the malware also evolved, currently sporting two different build versions, and being able to target IoT devices running on various architectures, such as x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 68000, and SPARC.

Linux.ProxyM infects devices by taking over IoT equipment still running default credentials.
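
A detection sketch for the low per-device volume described above, added here as an example and not taken from the article or from Dr.Web's report. It flags any IoT host that opens SMTP connections to servers other than an approved relay, and shows that a per-day volume rule misses a device sending about 400 messages. The flow format, the addresses, the device inventory, the relay address and the one-connection-per-message simplification are all assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

SMTP_PORTS = {25, 465, 587}
IOT_HOSTS = {"10.20.0.15", "10.20.0.16"}   # assumed device inventory
ALLOWED_RELAYS = {"10.0.0.25"}             # assumed internal mail relay

def build_sample_flows():
    """Constructed one-day flow log (time,src,dst,dst_port); not real telemetry."""
    start = datetime(2017, 9, 20, tzinfo=timezone.utc)
    rows = []
    for i in range(400):                   # 86400 s / 400 = one connection per 216 s
        ts = start + timedelta(seconds=216 * i)
        rows.append(f"{ts.isoformat()},10.20.0.15,203.0.113.{i % 50 + 1},25")
    rows.append(f"{start.isoformat()},10.20.0.16,10.0.0.25,587")     # mail via approved relay
    rows.append(f"{start.isoformat()},10.20.0.16,198.51.100.7,443")  # HTTPS, not SMTP
    rows.append(f"{start.isoformat()},10.30.0.9,203.0.113.9,25")     # not an IoT host
    return "\n".join(rows)

def iot_smtp_findings(flow_csv, iot_hosts, allowed_relays):
    """Per IoT source: count of direct SMTP connections and the servers contacted."""
    findings = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for _ts, src, dst, port in csv.reader(io.StringIO(flow_csv)):
        if src in iot_hosts and int(port) in SMTP_PORTS and dst not in allowed_relays:
            findings[src]["connections"] += 1
            findings[src]["destinations"].add(dst)
    return dict(findings)

def over_volume_threshold(findings, per_day_limit):
    """What a volume-only rule would alert on, for comparison."""
    return [src for src, f in findings.items() if f["connections"] > per_day_limit]

if __name__ == "__main__":
    found = iot_smtp_findings(build_sample_flows(), IOT_HOSTS, ALLOWED_RELAYS)
    for src, f in found.items():
        print(src, f["connections"], "SMTP connections to",
              len(f["destinations"]), "servers")
    print("volume rule (>1000/day) hits:", over_volume_threshold(found, 1000))
```

The policy rule (an IoT device should not speak SMTP to anything but the relay) fires on the first connection, while the volume rule stays silent at this rate.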
 
