Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Botnet Privacy Security Television

New Mirai Malware Variant Targets Signage TVs and Presentation Systems (zdnet.com) 21

An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks have spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, that the malware is using to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today.

The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems.
The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems.
This discussion has been archived. No new comments can be posted.

New Mirai Malware Variant Targets Signage TVs and Presentation Systems

Comments Filter:
  • So, umm... (Score:4, Insightful)

    by Locke2005 ( 849178 ) on Monday March 18, 2019 @07:02PM (#58295502)
    Don't use default password on anything that's connected to the internet? If you can print a serial number on the label, you can print a password on the label too!
  • by LostMyAccount ( 5587552 ) on Tuesday March 19, 2019 @07:59AM (#58297482)

    I'd wager a lot of these devices wind up implemented because someone in marketing just had to have a giant TV blasting their propaganda, and bought a gadget they saw advertised or inked some deal with a company who provided the gear "for free".

    The latter is especially pernicious, I've helped implement one for a client that they just love because they can connect to the providers web site and upload their messages, and the device lays it out with a news/weather ticker (and advertising if it was "free").

    It's pernicious because now you have a computer on your network that requires internet connectivity and accepts code and data from the outside over which you have zero control.

    You can implement them safely, but it requires a lot of effort -- a private DMZ-type VLAN dedicated to these displays that can get to the internet but not to the rest of the network. A solution complicated by the fact that where they want to mount them has no wired LAN port but does wireless but can't work with the captive portal for guest access. And that's if the device isn't some dumb hybrid, requiring both local web access for some configuration *and* continuous connectivity to the internet for centrally pushed content.

    Ergo, the security questions and complexity/effort of secure implementation get pushed aside so Karen in marketing can have her propaganda outlet.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...