Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

Author: Brian Karas, Published on Jun 14, 2017

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

***** **** ********* ** ****, ********** ********** ** *******,********* ***** **** ****************** ****** * ******* ****** **** *** **** ** ********* ******* ****-***** ********, *********** ****** ** *******.

***, * *** ****** **** ******* ** *****, ***** ** Persirai, ** ********* ******* ******** ** ********-******** *******. ** **** report ** ******* *** ****** ** ******** *** *** ******** it ** *********.

[***************]

Perserai ********

******** ** ***** ** *********** ** ******** ****** ****. **** *****, ** ******** ****** ** ***** ******** *** internet *** ***** ******* **** ***** ***************. **** ** *********** device ** *****, ******** *** **** ** ** **** ******** it ** ******** *** ******* * ******* **** **** ****** a ****** ******** ** ******* ** ** **** ** * botnet.

Exploit *****

******** ********** ****** ***, *** ******** ********, ***** ******** ******* *******, ********* *** ******* ** ******** a **** ** *********/******** (******* ** ******** ********), *** * ******** ** * *** ****** ************** (******* to ********** ***** ******** *************). *** ******* *** ********* ******** ********** *** ** ******* uPNP ********, ***** ***** ** ***** ******* ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** *,*** ********** ******/****** ********. **** ** *** ********** ** *********** ******** ***** ******** is **** ***** ******* **** ******** ** ** **** ***** OEM ******, ***** ******** ** ********/*** *******.

** ***, * **** ************ ** *** ***** *** *** been **********, *** ** ** **** ****** *** ******* ******* multiple *************, ** ******* ******** **** ******* ***'* **** **** IPVM ********** **** **** ** ***** ****** *** ****** ****** multiple ********* ****** ** ********** **** ******* *********, ** ******* contract **** *** ******** *************, ** ****** ***** ****.

** * ****** ****** ** ********** *****, ******* ****** **** encountered, ******* ************ ********* ********** ** *** *******. ***** ****** *** ***** in *** **** ********* *****. **** ******** ***** ********* ** branding ** *** **, ****** ********* ** *** **** ** "IP ******" ** "*** ******* ******":

No ***** ****** ********

**** *** **************, *** ******* **** ***** *******, **** ** the ******** ***** **** **** ***** ****** ** **** ******* such ** *****, *********, *-***, *****, ***. *******, ** * general ****, ***** ***** ***** ** ********* ** ***** ******** them ** ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** ** ********** ************** ***,*** ************ ******* ********* ******:

Similarities ** *****

**** **** *****, ******** ***** ****** ********** **** * **** is *********** *** *********** ************* ** * ******. ** **** cases *** ****** **** ******** ** ******** ********, ****** ************** may ** ******** ** *** ****** ** ***** ********* ** participate ** * **** ******. ***** **** **** ***** ** these ******* ***** **** ******* *********, ** ** ******** **** firmware *** **** **** **** ** ******* (******** *** ************* even ******* ******* ********).

******** ******** **** *** ******* * ****** ** *** ******, another ***** ** ****** **** *****. ***** *** '*****' ***** cameras ****** ** ********* ****, ****** **** **** ****** ****** infected ***** ******* ** **** *** *** *** ** * VPN ** ********* ******* **** ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** ****** ** ** **** ** ******* websites ** ******* **** *** *** ********** ** * **** attack ******* *** ** ******** *******.

Minimal ****** ******** ******

**** * ******** ******** **********, ***** ** ***** ****** **** been ********, *** ******* ****** ***** **** **** ******** ******** on *****'* *********, ******* * **** ** ***** ** ** camera ********* ** *******.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Consumer

ADT And 'The Defenders' Silent About Massive Complaints on Feb 14, 2019
ADT's largest dealer, "The Defenders" has been the subject of a massive number of complaints over many years and many forums, most recently a CBS...
Surging Wyze Raises $20 Million, Threat To Chinese Brands on Feb 01, 2019
The Seattle Startup that is disrupting consumer IP cameras with $20 pricing has just raised $20 million dollars (SEC Filing and company press...
Bad: Dahua Villa Video Doorbell Tested on Jan 11, 2019
Doorbells are one of the hottest segments in the residential market but Dahua's Villa Video Doorbell is the worst we have tested.   We bought and...
Worst Products Tested In Past Year on Jan 09, 2019
IPVM has done over 100 tests in the past year. But which products performed the worst? Which ones should users be most aware of? In this report,...
The Battle For The VSaaS Market Begins 2019 - Alarm.com, Arcules, Eagle Eye, OpenEye, Qumulex, Verkada, More on Jan 02, 2019
2019 will be the year that VSaaS finally becomes a real factor for professional video surveillance. While Video Surveillance as a Service (VSaaS)...
Dahua Lorex White Light Camera Tested on Dec 20, 2018
IP cameras with integrated white light LEDs are a growing trend, led by most notably Hikvision ColorVu. While the Hikvision models are not...
Imperial Capital Security Investor Conference 2018 Review - ADT, Resideo, Alarm.com, Arlo, Eagle Eye, ACRE, More on Dec 14, 2018
Imperial Capital Security Investor Conference is an event matching industry executives with financiers that frequently leads to future funding...
ADT Wins Fire Death Suit But Faces Appeal on Dec 05, 2018
ADT/Protection 1 has won a wrongful death court case in which it was sued by the estate of a deceased customer. However, the attorney for the...
Wyze Explosive Growth Disrupting Consumer IP Camera Market on Oct 30, 2018
Wyze, a company founded only in 2017, is poised to disrupt the consumer IP camera market by combining American marketing and Chinese manufacturing...
ADI's Financials Revealed + W-Box Growth Priority on Oct 15, 2018
  ADI is one of the most powerful distributors in the security industry but how big are they? How much profit do they make? How much do they sell...

Most Recent Industry Reports

IBM / Genetec Surveillance System Investigated Over Philippines Human Rights Abuses on Mar 22, 2019
A lengthy investigation into an IBM video surveillance project in the Philippines, raising concerns IBM helped local police conduct a bloody...
Eagle Eye Favorability Results 2019 on Mar 21, 2019
Eagle Eye has been the biggest spender in the cloud VMS market including (via their owner) acquiring Brivo for $50 million and CameraManager from...
Large Hospital Security End User Interview on Mar 21, 2019
This large single-state healthcare system consists of many hospitals, and hundreds of health parks, private practices, urgent care facilities, and...
Silicon Valley Cybersecurity Insurance Startup Coalition Profile on Mar 20, 2019
Many industry people believe cybersecurity insurance is not worth it, as the voting and debate in our Cybersecurity Insurance For Security...
Covert IP Camera Shootout - Axis, Hanwha, Hikvision, March, Vivotek on Mar 20, 2019
Covert cameras were one of the last holdout areas for analog cameras. However, in the past few years, IP / HD covert cameras have become...
Top Metrics For Ensuring Integrator Profitability - Statistics on Mar 20, 2019
How do integrators ensure the profitability of their projects? As part of our profitability study, 100+ integrators answered the following...
Avigilon Launches 'Renewed Products Program' on Mar 19, 2019
There are lots of 'pre-owned' cars but pre-owned IP cameras? While such programs are common in other industries, in video surveillance, they are...
Genetec Security Center 5.8 Tested on Mar 19, 2019
Genetec has released Version 5.8. This comes after a wait of more than a year that caused frustrations for many Genetec partners. Our previous...
Retired Mercury President Returns As Open Options President on Mar 18, 2019
Open Options experienced major changes in 2018, including being acquired by ACRE and losing its President and General Manager, John Berman who...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact