Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

Author: Brian Karas, Published on Jun 14, 2017

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

***** **** ********* ** ****, ********** ********** ** *******,********* ***** **** ****************** ****** * ******* ****** **** *** **** ** ********* ******* ****-***** ********, *********** ****** ** *******.

***, * *** ****** **** ******* ** *****, ***** ** Persirai, ** ********* ******* ******** ** ********-******** *******. ** **** report ** ******* *** ****** ** ******** *** *** ******** it ** *********.

[***************]

Perserai ********

******** ** ***** ** *********** ** ******** ****** ****. **** *****, ** ******** ****** ** ***** ******** *** internet *** ***** ******* **** ***** ***************. **** ** *********** device ** *****, ******** *** **** ** ** **** ******** it ** ******** *** ******* * ******* **** **** ****** a ****** ******** ** ******* ** ** **** ** * botnet.

Exploit *****

******** ********** ****** ***, *** ******** ********, ***** ******** ******* *******, ********* *** ******* ** ******** a **** ** *********/******** (******* ** ******** ********), *** * ******** ** * *** ****** ************** (******* to ********** ***** ******** *************). *** ******* *** ********* ******** ********** *** ** ******* uPNP ********, ***** ***** ** ***** ******* ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** *,*** ********** ******/****** ********. **** ** *** ********** ** *********** ******** ***** ******** is **** ***** ******* **** ******** ** ** **** ***** OEM ******, ***** ******** ** ********/*** *******.

** ***, * **** ************ ** *** ***** *** *** been **********, *** ** ** **** ****** *** ******* ******* multiple *************, ** ******* ******** **** ******* ***'* **** **** IPVM ********** **** **** ** ***** ****** *** ****** ****** multiple ********* ****** ** ********** **** ******* *********, ** ******* contract **** *** ******** *************, ** ****** ***** ****.

** * ****** ****** ** ********** *****, ******* ****** **** encountered, ******* ************ ********* ********** ** *** *******. ***** ****** *** ***** in *** **** ********* *****. **** ******** ***** ********* ** branding ** *** **, ****** ********* ** *** **** ** "IP ******" ** "*** ******* ******":

No ***** ****** ********

**** *** **************, *** ******* **** ***** *******, **** ** the ******** ***** **** **** ***** ****** ** **** ******* such ** *****, *********, *-***, *****, ***. *******, ** * general ****, ***** ***** ***** ** ********* ** ***** ******** them ** ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** ** ********** ************** ***,*** ************ ******* ********* ******:

Similarities ** *****

**** **** *****, ******** ***** ****** ********** **** * **** is *********** *** *********** ************* ** * ******. ** **** cases *** ****** **** ******** ** ******** ********, ****** ************** may ** ******** ** *** ****** ** ***** ********* ** participate ** * **** ******. ***** **** **** ***** ** these ******* ***** **** ******* *********, ** ** ******** **** firmware *** **** **** **** ** ******* (******** *** ************* even ******* ******* ********).

******** ******** **** *** ******* * ****** ** *** ******, another ***** ** ****** **** *****. ***** *** '*****' ***** cameras ****** ** ********* ****, ****** **** **** ****** ****** infected ***** ******* ** **** *** *** *** ** * VPN ** ********* ******* **** ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** ****** ** ** **** ** ******* websites ** ******* **** *** *** ********** ** * **** attack ******* *** ** ******** *******.

Minimal ****** ******** ******

**** * ******** ******** **********, ***** ** ***** ****** **** been ********, *** ******* ****** ***** **** **** ******** ******** on *****'* *********, ******* * **** ** ***** ** ** camera ********* ** *******.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Consumer

Amazon Ring Spotlight Cam Tested on Sep 17, 2018
Amazon's Ring has released their latest camera entry, the Spotlight Cam, which we bought and tested in our Consumer IP Camera Analytics...
VMS Export Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone on Sep 13, 2018
When crimes, accidents or problems occur, exporting video from one's video surveillance system is critical to proving incidents. But who does it...
Ambarella on Computer Vision and US Hikua Ban on Sep 10, 2018
Ambarella, a widely-used video surveillance component supplier, is betting on the rise of computer vision and is already seeing a sales impact from...
Why Vivint / Best Buy Failed on Aug 31, 2018
DIY has bested Vivint. In 2017, Best Buy and Vivint partnered with Vivint employees on the floor of 400+ Best Buy stores, helping customers with...
Consumer IP Camera Analytics Shootout - Arlo, Google / Nest, Amazon / Ring, Hikvision / Ezviz on Aug 27, 2018
Consumer IP camera usage is growing significantly driven by large companies including Google (with Nest), Amazon (with Ring), Netgear (with Arlo)...
Powerline Networking For Video Surveillance Advocated By Comtrend on Jun 08, 2018
Powerline networking, using existing electrical wiring, has been around for many years. Indeed, over the years, some video surveillance providers...
Owl Car Cam Tested - Disappoints on Mar 30, 2018
With $18 million in VC funding, and led by the former product lead for the iPod and the VP of Engineering of Dropcam, Andrew Hodge, hopes are high...
Wireless Networking For Video Surveillance Guide on Mar 29, 2018
Wireless networking is a niche in video surveillance applications, but it can be a difficult one to understand with proper wireless design,...
Dahua Global Launch LeChange on Mar 20, 2018
Dahua is getting into the consumer video surveillance market globally, with "LeChange", an offering long available inside of China is now being...
Cellular (4G / LTE / 5G) For Video Surveillance Guide on Mar 06, 2018
In this report, we explain using cellular for video surveillance including: 4G vs LTE vs 5G 4G standards 5G future Advantage: Placing cameras...

Most Recent Industry Reports

Genetec Takes Aim At 'Untrustworthy' 'Foreign Government-Owned Vendors' on Sep 24, 2018
Genetec is taking aim at 'untrustworthy' 'foreign government-owned vendors'. This is not a new theme for Genetec as nearly 2 years ago, Genetec...
4MP Camera Shootout - Axis, Dahua, DW, Hanwha, Hikvision, Uniview, Vivotek on Sep 24, 2018
4MP usage continues to climb, especially for low cost fixed lens models. To see who was best, we bought and tested seven 4MP models from Axis,...
Alexa Guard Expands Amazon's Security Offerings, Boosts ADT's Stock on Sep 21, 2018
Amazon is expanding their security offerings yet again, this time with Alexa Guard that delivers security audio analytics and a virtual "Fake...
UTC, Owner of Lenel, Acquires S2 on Sep 20, 2018
UTC now owns two of the biggest access control providers, one of integrator's most hated access control platforms, Lenel, and one of their...
BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact