Follow Slashdot stories on Twitter


Forgot your password?
Botnet Security China Communications Network Privacy The Internet Wireless Networking

New IoT Malware Targets 100,000 IP Cameras Via Known Flaw ( 60

Researcher Pierre Kim has found a new malware, called Persirai, that has been infecting over 100,000 Chinese-made, internet-connected cameras. According to Trend Micro, the malware has been active since last month and works by exploiting flaws in the cameras that Kim reported back in March. CSO Online reports: At least 1,250 camera models produced by a Chinese manufacturer possess the bugs, the researcher went on to claim. Over a month later in April, Trend Micro noticed a new malware that spreads by exploiting the same products via the recently disclosed flaws. The security firm estimates that about 120,000 cameras are vulnerable to the malware, based on Shodan, a search engine for internet-connected hardware. The Persirai malware is infecting the cameras to form a botnet, or an army of enslaved computers. These botnets can launch DDoS attacks, which can overwhelm websites with internet traffic, forcing them offline. Once Persirai infects, it'll also block anyone else from exploiting the same vulnerabilities on the device. Security firm Qihoo 360 has also noticed the malware and estimated finding 43,621 devices in China infected with it. Interestingly, Persirai borrows some computer code from a notorious malware known as Mirai, which has also been infecting IoT devices, such as DVRs, internet routers, and CCTV cameras, but by guessing the passwords protecting them.
This discussion has been archived. No new comments can be posted.

New IoT Malware Targets 100,000 IP Cameras Via Known Flaw

Comments Filter:
  • Keep that shit out of my house. I don't want it. My X10 works fine. Usually.
  • by DRJlaw ( 946416 ) on Thursday May 11, 2017 @07:56AM (#54398789)

    Since nobody is naming the affected cameras, and the researcher inexplicably folded and removed his list on March 16, 2017, here's is a list courtesy of the internet archive []. The list is also included here so that robots.txt cannot be used to eliminate it from view.

    3G+IPCam Other,3SVISION Other,3com CASA,3com Other,3xLogic Other,3xLogic Radio,4UCAM Other,4XEM Other,555 Other,7Links 3677,7Links 3677-675,7Links 3720-675,7Links 3720-919,7Links IP-Cam-in,7Links IP-Wi-Fi,7Links IPC-760HD,7Links IPC-770HD,7Links Incam,7Links Other,7Links PX-3615-675,7Links PX-3671-675,7Links PX-3720-675,7Links PX3309,7Links PX3615,7Links ipc-720,7Links px-3675,7Links px-3719-675,7Links px-3720-675,A4Tech Other,ABS Other,ADT RC8021W,AGUILERA AQUILERA,AJT AJT-019129-BBCEF,ALinking ALC,ALinking Other,ALinking dax,AMC Other,ANRAN ip180,APKLINK Other,AQUILA AV-IPE03,AQUILA AV-IPE04,AVACOM 5060,AVACOM 5980,AVACOM H5060W,AVACOM NEW,AVACOM Other,AVACOM h5060w,AVACOM h5080w,Acromedia IN-010,Acromedia Other,Advance Other,Advanced+home lc-1140,Aeoss J6358,Aetos 400w,Agasio A500W,Agasio A502W,Agasio A512,Agasio A533W,Agasio A602W,Agasio A603W,Agasio Other,AirLink Other,Airmobi HSC321,Airsight Other,Airsight X10,Airsight X34A,Airsight X36A,Airsight XC39A,Airsight XX34A,Airsight XX36A,Airsight XX40A,Airsight XX60A,Airsight x10,Airsight x10Airsight,Airsight xc36a,Airsight xc49a,Airsight xx39A,Airsight xx40a,Airsight xx49a,Airsight xx51A,Airsight xx51a,Airsight xx52a,Airsight xx59a,Airsight xx60a,Akai AK7400,Akai SP-T03WP,Alecto 150,Alecto Atheros,Alecto DVC-125IP,Alecto DVC-150-IP,Alecto DVC-1601,Alecto DVC-215IP,Alecto DVC-255-IP,Alecto dv150,Alecto dvc-150ip,Alfa 0002HD,Alfa Other,Allnet 2213,Allnet ALL2212,Allnet ALL2213,Amovision Other,Android+IP+cam IPwebcam,Anjiel ip-sd-sh13d,Apexis AH9063CW,Apexis APM-H803-WS,Apexis APM-H804-WS,Apexis APM-J011,Apexis APM-J011-Richard,Apexis APM-J011-WS,Apexis APM-J012,Apexis APM-J012-WS,Apexis APM-J0233,Apexis APM-J8015-WS,Apexis GENERIC,Apexis H,Apexis HD,Apexis J,Apexis Other,Apexis PIPCAM8,Apexis Pyle,Apexis XF-IP49,Apexis apexis,Apexis apm-,Apexis dealextreme,Aquila+Vizion Other,Area51 Other,ArmorView Other,Asagio A622W,Asagio Other,Asgari 720U,Asgari Other,Asgari PTG2,Asgari UIR-G2,Atheros ar9285,AvantGarde SUMPPLE,Axis 1054,Axis 241S,B-Qtech Other,B-Series B-1,BRAUN HD-560,BRAUN HD505,Beaulieu Other,Bionics Other,Bionics ROBOCAM,Bionics Robocam,Bionics T6892WP,Bionics t6892wp,Black+Label B2601,Bravolink Other,Breno Other,CDR+king APM-J011-WS,CDR+king Other,CDR+king SEC-015-C,CDR+king SEC-016-NE,CDR+king SEC-028-NE,CDR+king SEC-029-NE,CDR+king SEC-039-NE,CDR+king sec-016-ne,CDXX Other,CDXXcamera Any,CP+PLUS CP-EPK-HC10L1,CPTCAM Other,Camscam JWEV-372869-BCBAB,Casa Other,Cengiz Other,Chinavasion Gunnie,Chinavasion H30,Chinavasion IP611W,Chinavasion Other,Chinavasion ip609aw,Chinavasion ip611w,Cloud MV1,Cloud Other,CnM IP103,CnM Other,CnM sec-ip-cam,Compro NC150/420/500,Comtac CS2,Comtac CS9267,Conceptronic CIPCAM720PTIWL,Conceptronic cipcamptiwl,Cybernova Other,Cybernova WIP604,Cybernova WIP604MW,D-Link DCS-910,D-Link DCS-930L,D-Link L-series,D-Link Other,DB+Power 003arfu,DB+Power DBPOWER,DB+Power ERIK,DB+Power HC-WV06,DB+Power HD011P,DB+Power HD012P,DB+Power HD015P,DB+Power L-615W,DB+Power LA040,DB+Power Other,DB+Power Other2,DB+Power VA-033K,DB+Power VA0038K,DB+Power VA003K+,DB+Power VA0044_M,DB+Power VA033K,DB+Power VA033K+,DB+Power VA035K,DB+Power VA036K,DB+Power VA038,DB+Power VA038k,DB+Power VA039K,DB+Power VA039K-Test,DB+Power VA040,DB+Power VA390k,DB+Power b,DB+Power b-series,DB+Power extcams,DB+Power eye,DB+Power kiskFirstCam,DB+Power va033k,DB+Power va039k,DB+Power wifi,DBB IP607W,DEVICECLIENTQ CNB,DKSEG Other,DNT CamDoo,DVR DVR,DVS-IP-CAM Other,DVS-IP-CAM Outdoor/IR,Dagro DAGRO-003368-JLWYX,Dagro Other,Dericam H216W,Dericam H502W,Dericam M01W,Dericam M2/6/8,Dericam M502W,Dericam M601W,Dericam M801W,Dericam Other,Digix Other,Digoo BB-M2,Digoo MM==BB-M2,Digoo bb-m2,Dinon

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Since nobody is naming the affected cameras, and the researcher inexplicably folded and removed his list on March 16, 2017, here's is a list courtesy of the internet archive [].

      It was trivial to find out that the manufacturer threatening with legal action was Foscam.

      From their About us page:
      To make life more secure for people all around the world by providing security products with higher quality and more competitive price.

      Captcha: impeach

    • That's a reassuringly small list.

    • 555

      OMG! The Chinese compromised the venerable 555 [] chip. I got two dozen spying away in my parts box. I'll have to drown them in flux paste when I get home.

    • My God. I didn't know there were so many IP camera models. And they all have such terrible names. "Coolead"? "vstarcam"?
      • by Anonymous Coward

        If you looked them all up (disclaimer, I didn't bother) you'll find about 5 unique designs. Many of them will be the exact same item from the same factory with a different brand printed on them, others will be clones made in other factories.

    • That is an awesome list. It's also a great way to get a headache if you're not expecting it. Dear lord, that's a lot of text all at once.

    • Since nobody is naming the affected cameras, and the researcher inexplicably folded and removed his list on March 16, 2017, here's is a list...

      You know, perhaps it would have been easier to make a list of the devices not affected next time. Just sayin'...

    • Bless you, Sir!
  • Thanks for finding those critical defects! No good deed goes unpunished.
  • Product recall.

    • I think product recalls require a safety component. You could argue this qualifies but I have two better words: brick them.

  • I don't have many (couple IP cams, outlets, etc.) but I put them all on a separate VLAN with no access to the outside world. I allow ridiculously restricted access to the inside host(s), although I haven't had any instances of them trying anything funny there - yet. But, EVERY Chinese IoT widget I've bought immediately attempts to phone home. EVERY Chinese IoT widget I've bought will also continue the attempts after the related (e.g. "cloud") features are turned off. Kinda like Windows 10.
  • What is this, the 100th IoT device with security flaws?
    Or is that the 1,000th IoT device?

    Recently I have been thinking about this, (I know, no one is supposed to THINK any more), and perhaps using open source replacement firmware would be the saving of many of these devices. Similar to DD-WRT is today. With clear, open software, developers could make suggestions and submit bug fixes to get this stuff fixed.

    Plus, there could be usability flaws in the IoT devices as well.

    We can leave the cheap hardwar
  • So where can we submit suggestions or updates to BrickerBot?

Real Programmers don't write in PL/I. PL/I is for programmers who can't decide whether to write in COBOL or FORTRAN.