Secure Your IP Cameras, a New Botnet Has Arrived

Over 122,000 IP cameras are vulnerable to becoming part of the newly discovered Persirai botnet.

Trend Micro just revealed it has discovered a new botnet called Persirai that is targeting over 1,000 IP camera models.

All 122,069 vulnerable IP cameras can be discovered via the IoT search engine Shodan.

This latest botnet comes after malware known as Mirai enslaved IoT devices last fall in what was the world’s largest ever Distributed Denial of Service (DDoS) attack.

The Persirai botnet works by accessing vulnerable IP cameras by the open port on the user’s router and acting like a server, then performing a command injection to force the camera to connect to a download site which will execute a malicious script shell and install malware onto the camera, roping it into the botnet, according to ZDNet.

RELATED: Cybersecurity Dos and Don’ts

This allows the cameras to carry out DDoS attacks against target networks, overloading them and causing massive Internet outages such as the ones that occurred last year.

Persirai’s developers have also reportedly taken the step of blocking the exploit they use in order to prevent other attackers from targeting the camera and keep the infected device to themselves.

This is all possible because of manufacturers releasing IoT devices with default login credentials. This allows for anyone with a list of generic admin names and passwords to look up your IP camera and exploit it.

Keep yourself safe and make sure your internet-connected devices have strong passwords. Trend Micro says users should also disable Universal Plug and Play (UPnP) on their routers to prevent devices within the network from opening ports to the external Internet without any warning.

Below is a diagram by Trend Micro illustrating how the Persirai botnet works.

how a botnet works

READ NEXT: Cybersecurity Risk Is Real: SSI’s 2017 Physical-Logical Security Assessment

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Steven A. Karantzoulidis is the Web Editor for Security Sales & Integration. He graduated from the University of Massachusetts Amherst with a degree in Communication and has a background in Film, A/V and Social Media.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Get Our Newsletters