Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed

Author: Brian Karas, Published on Jun 14, 2017

Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai to create a massive botnet that was used to bring down several well-known websites, and internet access in Liberia.

Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar exploits in consumer-oriented cameras. In this report we analyze the impact of Persirai and the products it is affecting.

***** **** ********* ** ****, ********** ********** ** *******,********* ***** **** ****************** ****** * ******* ****** **** *** **** ** ********* ******* ****-***** ********, *********** ****** ** *******.

***, * *** ****** **** ******* ** *****, ***** ** Persirai, ** ********* ******* ******** ** ********-******** *******. ** **** report ** ******* *** ****** ** ******** *** *** ******** it ** *********.

[***************]

Perserai ********

******** ** ***** ** *********** ** ******** ****** ****. **** *****, ** ******** ****** ** ***** ******** *** internet *** ***** ******* **** ***** ***************. **** ** *********** device ** *****, ******** *** **** ** ** **** ******** it ** ******** *** ******* * ******* **** **** ****** a ****** ******** ** ******* ** ** **** ** * botnet.

Exploit *****

******** ********** ****** ***, *** ******** ********, ***** ******** ******* *******, ********* *** ******* ** ******** a **** ** *********/******** (******* ** ******** ********), *** * ******** ** * *** ****** ************** (******* to ********** ***** ******** *************). *** ******* *** ********* ******** ********** *** ** ******* uPNP ********, ***** ***** ** ***** ******* ***** *** *** aware **.

1,000+ ******/****** ********

***** ***** ******* **** *,*** ********** ******/****** ********. **** ** *** ********** ** *********** ******** ***** ******** is **** ***** ******* **** ******** ** ** **** ***** OEM ******, ***** ******** ** ********/*** *******.

** ***, * **** ************ ** *** ***** *** *** been **********, *** ** ** **** ****** *** ******* ******* multiple *************, ** ******* ******** **** ******* ***'* **** **** IPVM ********** **** **** ** ***** ****** *** ****** ****** multiple ********* ****** ** ********** **** ******* *********, ** ******* contract **** *** ******** *************, ** ****** ***** ****.

** * ****** ****** ** ********** *****, ******* ****** **** encountered, ******* ************ ********* ********** ** *** *******. ***** ****** *** ***** in *** **** ********* *****. **** ******** ***** ********* ** branding ** *** **, ****** ********* ** *** **** ** "IP ******" ** "*** ******* ******":

No ***** ****** ********

**** *** **************, *** ******* **** ***** *******, **** ** the ******** ***** **** **** ***** ****** ** **** ******* such ** *****, *********, *-***, *****, ***. *******, ** * general ****, ***** ***** ***** ** ********* ** ***** ******** them ** ****** ******** ***********.

170,000 ********** ***** ********

******* *** ** ********** ** ********** ************** ***,*** ************ ******* ********* ******:

Similarities ** *****

**** **** *****, ******** ***** ****** ********** **** * **** is *********** *** *********** ************* ** * ******. ** **** cases *** ****** **** ******** ** ******** ********, ****** ************** may ** ******** ** *** ****** ** ***** ********* ** participate ** * **** ******. ***** **** **** ***** ** these ******* ***** **** ******* *********, ** ** ******** **** firmware *** **** **** **** ** ******* (******** *** ************* even ******* ******* ********).

******** ******** **** *** ******* * ****** ** *** ******, another ***** ** ****** **** *****. ***** *** '*****' ***** cameras ****** ** ********* ****, ****** **** **** ****** ****** infected ***** ******* ** **** *** *** *** ** * VPN ** ********* ******* **** ****** ******.

Impact **** ****** ** *******/********

********'* ****** ** **** ****** ** ** **** ** ******* websites ** ******* **** *** *** ********** ** * **** attack ******* *** ** ******** *******.

Minimal ****** ******** ******

**** * ******** ******** **********, ***** ** ***** ****** **** been ********, *** ******* ****** ***** **** **** ******** ******** on *****'* *********, ******* * **** ** ***** ** ** camera ********* ** *******.

Comments (0)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Consumer

Powerline Networking For Video Surveillance Advocated By Comtrend on Jun 08, 2018
Powerline networking, using existing electrical wiring, has been around for many years. Indeed, over the years, some video surveillance providers...
Owl Car Cam Tested - Disappoints on Mar 30, 2018
With $18 million in VC funding, and led by the former product lead for the iPod and the VP of Engineering of Dropcam, Andrew Hodge, hopes are high...
Wireless Networking For Video Surveillance Guide on Mar 29, 2018
Wireless networking is a niche in video surveillance applications, but it can be a difficult one to understand with proper wireless design,...
Dahua Global Launch LeChange on Mar 20, 2018
Dahua is getting into the consumer video surveillance market globally, with "LeChange", an offering long available inside of China is now being...
Cellular (4G / LTE / 5G) For Video Surveillance Guide on Mar 06, 2018
In this report, we explain using cellular for video surveillance including: 4G vs LTE vs 5G 4G standards 5G future Advantage: Placing cameras...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
Arlo, Bigger Than Avigilon, More Valuable Than Axis on Feb 08, 2018
Arlo, the wireless IP camera offering that Netgear bought ~5 years ago for a few tens of millions is now doing more revenue than Avigilon and...
Dahua Acquires Lorex From FLIR on Feb 06, 2018
Would you buy your own customer? Well, Dahua has just done that. FLIR has sold its Lorex / home / SMB business to Dahua, just over 5 years after...
CES 2018 Show Final Report on Jan 12, 2018
This is IPVM's final edition of our 2018 CES show report. Below are already numerous images and commentary, with more coming tomorrow.   CES is...
Amazon Acquires Blink on Dec 22, 2017
Amazon has made their first significant acquisition in the connected home space, buying wire-free camera manufacturer Blink. We examine Amazon's...

Most Recent Industry Reports

Directory of Video Surveillance Startups on Jul 18, 2018
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known entity...
Ladder Lockdown and Ladder Levelizer Tested on Jul 18, 2018
Ladders are a daily necessity for surveillance and security installers, but working on an unstable surface can be extremely dangerous. In addition...
FST Fails on Jul 17, 2018
FST was one of the hottest startups of the decade, selected as the best new product at ISC West 2011 and backed with tens of millions in...
Axis ~$100 Camera Tested on Jul 17, 2018
Axis has released their lowest cost camera ever, the Companion Eye Mini L, setting their sights on a market dominated by Hikvision and Dahua. Can...
Amazon Ring Alarm System Tested on Jul 16, 2018
Amazon Ring is going to hurt traditional dealers, and especially ADT, new IPVM test results of Ring's Alarm system underscore. IPVM found that...
Hikvision Wins Chinese Government Forced Facial Recognition Project Across 967 Mosques on Jul 16, 2018
Hikvision has won a Chinese government tender which requires that facial recognition cameras be set up at the entrance of every single mosque...
Installing Dome Cameras Indoors Guide on Jul 16, 2018
IPVM is producing the definitive series on installing surveillance cameras. This entry covers one of the most common scenarios - installing dome...
Security Sales Course Summer 2018 on Jul 13, 2018
Based on member's interest, IPVM is offering a security sales course this summer. Register Now - IPVM Security Sales Course Summer 2018 This...
US Tariffs Hit China Video Surveillance on Jul 13, 2018
Chinese video surveillance products avoided tariffs for the first two rounds. Now, in the third round, many video surveillance products will be...
Last Chance - July 2018 IP Networking Course on Jul 12, 2018
Registration ends today, Thursday. Register now. This is the only networking course designed specifically for video surveillance...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact