Feeds

SPAM supposedly spotted leaving the fridge

Internet of Things security scares already need to take a chill pill

Protecting against web application threats using SSL

It's still silly season, it seems. Tell the world that a bunch of small business broadband routers have been compromised and recruited into botnets, and the world yawns.

Add in a television or a multi-media centre, and there's a faint flicker of interest – perhaps a raised eyebrow, but not much more. Add in the word “refrigerator”, as Proofpoint did in this press release, and the world goes nuts.

Which is why, of course, the refrigerator is in there. Here's what the security outfit actually said about a spam-spreading caper it spotted:

“The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.”

Let's put that in context: the “Internet of things”, says Proofpoint, was the source of three quarters of a million messages in a “global attack campaign”. Meanwhile, estimates for the world's daily spam centre around 100 billion spam messages a day (depending on the success of efforts to disrupt the spammers' operations.

In other words, what Proofpoint found is, right now, a very small proportion of the world's attack traffic.

The Register is also concerned that Proofpoint's media release doesn't identify which refrigerator (of the handful that run some kind of Linux) was involved (which would enable owners to at least unplug their fridges from the Internet), nor how many messages apparently originated from the fridge.

Here's another inconsistency that worries Vulture South: since we're not aware of any refrigerator in possession of its own WAN interface, we presume it was on a home network somewhere, and the router was so insecure that the attackers could recruit it into their botnet. And that they chose to attack the fridge rather than the gateway router that they were passing to reach it.

I guess it makes sense for attackers, like security researchers, to look at new platforms – and that what Proofpoint has turned up is someone's proof-of-concept.

However, Vulture South is not, as our peers seem to be, lying awake at night over the refrigerator spambot, for a few reasons: the platform itself is constrained; it's relatively easily detected and defeated; and there are more attractive targets on the same networks as the refrigerators live on.

If you don't want your refrigerator recruited into a botnet, the answer's easy: don't give it the right to connect to your network. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.