Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Security Bitcoin

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin 75

Posted by Unknown Lamer
from the dvr-burned-the-house-down dept.
UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."
This discussion has been archived. No new comments can be posted.

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Comments Filter:
  • by nbetcher (973062) <> on Tuesday April 01, 2014 @12:28AM (#46628037)
    Unfortunately this does not appear to be a case of April fools. Somehow I wish it were.
  • by Anonymous Coward on Tuesday April 01, 2014 @05:25AM (#46628801)

    For even more perspective: The current hash rate on the Bitcoin network is about 40,000,000 gigahashes per second. With 0.2 megahashes per second, you can expect to earn 3600*0.2/40,000,000,000 Bitcoins per day. That's 0.000000018 Bitcoins (or about two Satoshis) per day. At that rate, it would take 380 years to earn a dollar.

  • by doas777 (1138627) on Tuesday April 01, 2014 @08:00AM (#46629123)

    TFA has very little info on the supposed Synology management interface vulnerability.

    I believe this article covers some some of the general info on the vulnerabilities: []

  • by DrYak (748999) on Tuesday April 01, 2014 @08:14AM (#46629167) Homepage

    That might also be an error in reporting: TFA's Author might have written "bitcoin mining" (for lack of understanding the whole alt-coin ecosystem) when it would be best described as "cryptocurrency miner".
    The last few article on /. mentioning mining malware, all said "bitcoin mining" when careful reading showed up that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
    Reporter just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

    The black-hats creating sophisticated malware (a worm, infecting vulnerable connected DVR, so they in turn can attack Synology NAS and launch mining software) aren't probably stupid enough to mine bitcoin, they probably know better, and the miner is for whatever is the current most CPU-worthy (i.e.: non SHA-256^2 baesd) cryptocurrency-coin.

  • by Pope (17780) on Tuesday April 01, 2014 @10:23AM (#46630103)

    Synology's firmware is updated p. regularly in my few month's experience of owning a DiskStation.

If it's working, the diagnostics say it's fine. If it's not working, the diagnostics say it's fine. - A proposed addition to rules for realtime programming