An analysis of roughly 4,400 IP cameras in the U.S. using custom http servers found that just over 51 percent of them are infected by one of four Internet of Things botnet malware families, according to new research.
The majority of these 3,675 compromised cameras, or approximately 64.1 percent, were infected by the IoT botnet Persirai, Trend Micro reported in a blog post on Thursday. Discovered earlier this year, Persirai relies on exploited vulnerabilities to steal credentials and attack other devices.
The remaining affected cameras were found infected by the IoT botnets Mirai (about 27.7 percent), DvrHelper (about 6.8 percent), and TheMoon (about 1.4 percent), the blog post continues. Trend Micro used the Shodan search engine as well as its own research to amass its study sample, though it is not currently clear how recently this analysis took place. (SC Media has contacted Trend Micro for an answer.)
Recent versions of Mirai, the botnet responsible for the major distributed denial of service attack against Dyn, have been bolstering the botnet’s distribution capabilities by leveraging a Windows trojan that scans for more open ports than previous iterations did, Trend Micro noted.
DvrHelper, a direct descendant of Mirai, is the first malware designed to bypass an anti-DDoS solution, while TheMoon is the oldest malware that targets IoT devices, the blog post states.