Researchers have uncovered a new botnet that takes over Internet-connected cameras in order to launch denial-of-service attacks, following in the footsteps of the notorious Mirai botnet.
The new malware, called Persirai, appears to be controlled by Iranian nationals, since the addresses of its command servers use the controlled .ir domain and special Persian characters were used in its code, according to Trend Micro.
Persirai targets more than 1,000 models of IP cameras and Trend found more than 120,000 vulnerable devices listed on the Shodan Internet of Things (IoT) search engine.
“Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet,” Trend said in an advisory. “This makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81.”
Persirai attacks cameras using a security bug made public several months ago, and installs code that causes the device to automatically begin attacking other cameras using the same vulnerability.
While running the malware code blocks other attacks that make use of the same bug. Since it runs in memory only, the malware is disabled when the device is rebooted – but the device then also becomes vulnerable to attacks once again.
Infected cameras receive commands from the attacker’s servers that can direct distributed denial-of-service (DDoS) attacks against other systems, Trend said.
The company said the manufacturer of the device it tested said it had released a firmware update fixing the vulnerability used by Persirai, but Trend wasn’t able to find a more recent firmware version.
The security firm advised users to change the default passwords on their Internet-connected devices, if they haven’t already done so.
“Users should also disable UPnP on their routers to prevent devices within the network from opening ports to the external Internet without any warning,” Trend advised.
In March, researchers said a Mirai variant had been used to carry out a 54-hour-long attack on a US college, and in April IBM uncovered another variant that used devices’ processing power to mine Bitcoins.
Mirai uses open source code that has been released to the public, making it simpler for attackers to create their own customised versions.
Last month the developer of BrickerBot, which aims to render vulnerable gadgets inoperable so that they can’t be used by botnets, said the tool had disabled two million devices to date.
Do you know all about security in 2017? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…