Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

By Brian Karas, Published Jun 14, 2017, 09:54am EDT

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

Perserai ********

******** ** ***** ** *********** of *** ***** ****** ****. **** *****, ** ******** device ** ***** ******** the ******** *** ***** devices **** ***** ***************. When ** *********** ****** is *****, ******** *** **** to ** **** ******** it ** ******** *** execute * ******* **** then ****** * ****** operator ** ******* ** as **** ** * botnet.

Exploit *****

******** ********** ****** ***, who ******** ********, ***** ******** ******* methods, ********* *** ******* to ******** * **** of *********/******** (******* ** ******** ********), *** * ******** in * *** ****** implementation (******* ** * ********* ***** ******** *************). *** ******* *** generally ******** ********** *** to ******* **** ********, which ***** ** ***** cameras ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** 1,000 ********** ******/****** ********. **** ** *** difficulty ** *********** ******** units ******** ** **** these ******* **** ******** to ** **** ***** OEM ******, ***** ******** at ********/*** *******.

** ***, * **** manufacturer ** *** ***** has *** **** **********, and ** ** **** likely *** ******* ******* multiple *************, ** ******* familiar **** ******* ***'* have **** **** ********** that **** ** ***** shared *** ****** ****** multiple ********* ****** ** developers **** ******* *********, do ******* ******** **** for ******** *************, ** simply ***** ****.

** * ****** ****** of ********** *****, ******* brands **** ***********, **** *** ******* ***** ********* ********** ** the *******. ***** ****** are ***** ** *** logo ********* *****. **** affected ***** ********* ** branding ** *** **, simply ********* ** *** unit ** "** ******" or "*** ******* ******":

No ***** ****** ********

**** *** **************, *** reports **** ***** *******, none ** *** ******** units **** **** ***** brands ** **** ******* such ** *****, *********, Q-See, *****, ***. *******, as * ******* ****, users would ***** ** ********* to ***** ******** **** to ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** of ********** ************** ***,*** ************ ******* currently ******:

Similarities ** *****

**** **** *****, ******** gives ****** ********** **** a **** ** *********** and *********** ************* ** a ******. ** **** cases *** ****** **** continue ** ******** ********, though ************** *** ** impacted ** *** ****** is ***** ********* ** participate ** * **** attack. ***** **** **** users ** ***** ******* still **** ******* *********, it ** ******** **** firmware *** **** **** ever ** ******* (******** the ************* **** ******* patched ********).

******** ******** **** *** survive * ****** ** the ******, ******* ***** in ****** **** *****. Users *** '*****' ***** cameras ****** ** ********* them, ****** **** **** likely ****** ******** ***** quickly ** **** *** not *** ** * VPN ** ********* ******* from ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** likely ** ** **** by ******* ******** ** servers **** *** *** recipients ** * **** attack ******* *** ** infected *******.

Minimal ****** ******** ******

**** * ******** ******** standpoint, ***** ** ***** brands **** **** ********, the ******* ****** ***** come **** ******** ******** on *****'* *********, ******* * lack ** ***** ** IP ****** ********* ** general.

Comments (0)

Read this IPVM report for free.

This article is part of IPVM's 6,743 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports