Malware is far more common than most people think. Most people only come to think about malware after they've been infected. After all, as long as everything keeps working as it should, there's little reason to suspect malware is present. But existing malware is constantly being updated, and new strains are released every day. One of the latest is an IoT malware strain that can potentially infect up to 100,000 internet-connected cameras. Many people are not even aware that their cameras may be connected to the internet, since this is a default setting on several devices, so this is a worry for more people than is immediately obvious.
This malware is called Persirai and is known to infect Chinese-made wireless cameras. The first infections were noted in April 2017, but security researchers had noted flaws in the cameras that made them vulnerable back in March of this year. These flaws allowed the cameras to be hijacked, since it was possible for code to be executed remotely on them. Trend Micro discovered in April that a new malware was being propagated by exploiting the very same flaws that were initially warned about. Trend Micro has said that its estimate of 100,000 potentially at-risk cameras was based on Shodan, a search engine for hardware that is connected to the internet.
The malware enlists the cameras it infects in a botnet, an army of computers that have become enslaved. Such botnets can overwhelm websites and force them offline with a flood of internet traffic. Once it has infected a device, Persirai blocks others from exploiting the same vulnerabilities on it. Persirai is built by borrowing some code from the famous malware called Mirai (the similarity of the names is not a coincidence), which has been infecting IoT devices like routers and CCTV cameras, although Mirai works by guessing passwords rather than exploiting any systematic flaw. The code that Persirai lifts is the part that allows Mirai to scan the internet for new devices it may infect.
While Persirai's botnet is able to launch DDoS attacks, it has not yet attacked any websites. This could be because the developers are still testing the malware's capabilities to better determine how to use it. Experts in DDoS protection have expressed frustration that the cameras' flaws were laid out, as this has allowed malware developers to exploit them, though they stressed that the original security researcher seemed to have acted with good intentions.
Trend Micro has identified the primary manufacturer of the cameras and is working with it to roll out a patch. Until the patch is released, Trend Micro will not name the manufacturer, so it is impossible to know which brands and products could be at risk. Owners who are worried can protect their devices by using a firewall and by blocking access to the servers of the malware's control centre, which is located in Iran.