A few days ago, Proofpoint published a report about a massive spam campaign that abused 100,000 devices to send out 750,000 spam emails. The company allegedly found that many of the compromised devices were not computers, but routers, multimedia systems and even a smart refrigerator.
Many have been suspicious about this Internet of Things cyberattack right from the start, and now their suspicions have been confirmed.
According to Symantec, they’ve managed to identity the spam campaign analyzed by Proofpoint. It turns out that the spam run was powered by W32.Waledac (Kelihos), and none of the infected devices were non-Windows computers.
The refrigerator and other smart appliances came into the picture because researchers misinterpreted their findings.
“Many home devices sit behind a home router and use Network Address Translation (NAT). From the view point of an outsider, all the devices behind that router share the same IP address. This makes it difficult to determine whether a device behind the router or the router itself was the original source of the network traffic,” Symantec experts explained.
“Furthermore, if you probe the router for open ports the router may employ port forwarding, exposing one or more devices behind the router. You could be fooled into not even realizing a router is there and think that the exposed device is the sole device using that IP address.”
The most likely scenario is that the smart fridge identified by Proofpoint had port forwarding enabled and the network IP address was contacted on port 80. This led to the impression that the refrigerator was the only device, when in reality it was simply on the same network as the computer infected with the Waledac malware.
On the other hand, experts highlight the fact that cybercriminals have already started developing pieces of malware that can infect Linux-based devices, such as cameras, entertainment systems and routers. A perfect example is the threat dubbed Linux.Darlloz.