Mirai-like Botnet Persirai Attacks IP Cameras - Impact Analyzed
Mirai made headlines in 2016, exploiting weaknesses in cameras, including those from Dahua and XiongMai, to create a massive botnet that was used to bring down several well-known websites and internet access in Liberia.
Now, a new botnet very similar to Mirai, known as Persirai, is targeting similar weaknesses in consumer-oriented cameras. In this report, we analyze the impact of Persirai and the products it is affecting.
Persirai ********
******** ** ***** ** *********** ** *** ***** ****** ****. **** *****, ** ******** ****** ** agent ******** *** ******** *** ***** devices **** ***** ***************. **** ** exploitable ****** ** *****, ******** *** **** to ** **** ******** ** ** download *** ******* * ******* **** then ****** * ****** ******** ** control ** ** **** ** * botnet.
Exploit *****
******** ********** ****** ***, *** ******** Persirai, ***** ******** ******* *******, ********* the ******* ** ******** * **** of *********/******** (******* ** ******** ********), *** * ******** ** * P2P ****** ************** (******* ** * ********* ***** ******** *************). *** ******* *** ********* ******** accessible *** ** ******* **** ********, which ***** ** ***** ******* ***** are *** ***** **.
1,000+ ******/****** ********
***** ***** ******* **** *,*** ********** brands/models ********. **** ** *** ********** ** identifying ******** ***** ******** ** **** these ******* **** ******** ** ** sold ***** *** ******, ***** ******** at ********/*** *******.
** ***, * **** ************ ** the ***** *** *** **** **********, and ** ** **** ****** *** exploit ******* ******** *************, ** ******* familiar **** ******* ***'* **** **** IPVM ********** **** **** ** ***** shared *** ****** ****** ******** ********* brands ** ********** **** ******* *********, do ******* ******** **** *** ******** manufacturers, ** ****** ***** ****.
** * ****** ****** ** ********** units, ******* ****** **** ***********, **** *** ******* ***** ********* ********** ** *** *******. Other ****** *** ***** ** *** logo ********* *****. **** ******** ***** displayed ** ******** ** *** **, simply ********* ** *** **** ** "IP ******" ** "*** ******* ******":
No ***** ****** ********
**** *** **************, *** ******* **** other *******, **** ** *** ******** units **** **** ***** ****** ** this ******* **** ** *****, *********, Q-See, *****, ***. *******, ** * general ****, ***** ***** ***** ** ********* to ***** ******** **** ** ****** internet ***********.
170,000 ********** ***** ********
******* *** ** ********** ** ********** units********* ***,*** ************ ******* ********* ******:
Similarities ** *****
**** **** *****, ******** ***** ****** indication **** * **** ** *********** and *********** ************* ** * ******. In **** ***** *** ****** **** continue ** ******** ********, ****** ************** may ** ******** ** *** ****** is ***** ********* ** *********** ** a **** ******. ***** **** **** users ** ***** ******* ***** **** default *********, ** ** ******** **** firmware *** **** **** **** ** updated (******** *** ************* **** ******* patched ********).
******** ******** **** *** ******* * reboot ** *** ******, ******* ***** in ****** **** *****. ***** *** 'clean' ***** ******* ****** ** ********* them, ****** **** **** ****** ****** infected ***** ******* ** **** *** not *** ** * *** ** otherwise ******* **** ****** ******.
Impact **** ****** ** *******/********
********'* ****** ** **** ****** ** be **** ** ******* ******** ** servers **** *** *** ********** ** a **** ****** ******* *** ** infected *******.
Minimal ****** ******** ******
**** * ******** ******** **********, ***** no ***** ****** **** **** ********, the ******* ****** ***** **** **** Persirai ******** ** *****'* *********, ******* * lack ** ***** ** ** ****** platforms ** *******.