Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

By Brian Karas, Published Jun 14, 2017, 09:54am EDT (Info+)

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

Perserai ********

******** ** ***** ** *********** ** *** ***** ****** ****. **** *****, ** ******** ****** ** agent ******** *** ******** *** ***** devices **** ***** ***************. **** ** exploitable ****** ** *****, ******** *** **** to ** **** ******** ** ** download *** ******* * ******* **** then ****** * ****** ******** ** control ** ** **** ** * botnet.

Exploit *****

******** ********** ****** ***, *** ******** Persirai, ***** ******** ******* *******, ********* the ******* ** ******** * **** of *********/******** (******* ** ******** ********), *** * ******** ** * P2P ****** ************** (******* ** * ********* ***** ******** *************). *** ******* *** ********* ******** accessable *** ** ******* **** ********, which ***** ** ***** ******* ***** are *** ***** **.

1,000+ ******/****** ********

***** ***** ******* **** *,*** ********** brands/models ********. **** ** *** ********** ** identifying ******** ***** ******** ** **** these ******* **** ******** ** ** sold ***** *** ******, ***** ******** at ********/*** *******.

** ***, * **** ************ ** the ***** *** *** **** **********, and ** ** **** ****** *** exploit ******* ******** *************, ** ******* familiar **** ******* ***'* **** **** IPVM ********** **** **** ** ***** shared *** ****** ****** ******** ********* brands ** ********** **** ******* *********, do ******* ******** **** *** ******** manufacturers, ** ****** ***** ****.

** * ****** ****** ** ********** units, ******* ****** **** ***********, **** *** ******* ***** ********* ********** ** *** *******. Other ****** *** ***** ** *** logo ********* *****. **** ******** ***** displayed ** ******** ** *** **, simply ********* ** *** **** ** "IP ******" ** "*** ******* ******":

No ***** ****** ********

**** *** **************, *** ******* **** other *******, **** ** *** ******** units **** **** ***** ****** ** this ******* **** ** *****, *********, Q-See, *****, ***. *******, ** * general ****, ***** ***** ***** ** ********* to ***** ******** **** ** ****** internet ***********.

170,000 ********** ***** ********

******* *** ** ********** ** ********** units********* ***,*** ************ ******* ********* ******:

Similarities ** *****

**** **** *****, ******** ***** ****** indication **** * **** ** *********** and *********** ************* ** * ******. In **** ***** *** ****** **** continue ** ******** ********, ****** ************** may ** ******** ** *** ****** is ***** ********* ** *********** ** a **** ******. ***** **** **** users ** ***** ******* ***** **** default *********, ** ** ******** **** firmware *** **** **** **** ** updated (******** *** ************* **** ******* patched ********).

******** ******** **** *** ******* * reboot ** *** ******, ******* ***** in ****** **** *****. ***** *** 'clean' ***** ******* ****** ** ********* them, ****** **** **** ****** ****** infected ***** ******* ** **** *** not *** ** * *** ** otherwise ******* **** ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** ****** ** be **** ** ******* ******** ** servers **** *** *** ********** ** a **** ****** ******* *** ** infected *******.

Minimal ****** ******** ******

**** * ******** ******** **********, ***** no ***** ****** **** **** ********, the ******* ****** ***** **** **** Persirai ******** ** *****'* *********, ******* * lack ** ***** ** ** ****** platforms ** *******.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports