Slashdot Mirror

← Back to Stories (view on slashdot.org)

DVRs Used To Attack Synology Disk Stations and Mine Bitcoin

Posted by Unknown on from the dvr-burned-the-house-down dept.

UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."

5 of 75 comments (clear)

  1. Re:I hate April fools on the internet. by nbetcher · · Score: 3, Informative

    Unfortunately this does not appear to be a case of April fools. Somehow I wish it were.

  2. Re:Why is anyone surprised... by Anonymous Coward · · Score: 3, Informative

    For even more perspective: The current hash rate on the Bitcoin network is about 40,000,000 gigahashes per second. With 0.2 megahashes per second, you can expect to earn 3600*0.2/40,000,000,000 Bitcoins per day. That's 0.000000018 Bitcoins (or about two Satoshis) per day. At that rate, it would take 380 years to earn a dollar.

  3. Synology vulnerability? by doas777 · · Score: 3, Informative

    TFA has very little info on the supposed Synology management interface vulnerability.

    I believe this article covers some some of the general info on the vulnerabilities: http://www.symantec.com/connec...

  4. "Bitcoin": Error in reporting? by DrYak · · Score: 3, Informative

    That might also be an error in reporting: TFA's Author might have written "bitcoin mining" (for lack of understanding the whole alt-coin ecosystem) when it would be best described as "cryptocurrency miner".
    The last few article on /. mentioning mining malware, all said "bitcoin mining" when careful reading showed up that in fact the malware didn't mine bitcoins but another cryptocurrency better suited for CPU (one of the latest I remember was PTShares).
    Reporter just say "bitcoin mining" because that's the only thing they know and they vaguely remember that creating bitcoins was something CPU intensive.

    The black-hats creating sophisticated malware (a worm, infecting vulnerable connected DVR, so they in turn can attack Synology NAS and launch mining software) aren't probably stupid enough to mine bitcoin, they probably know better, and the miner is for whatever is the current most CPU-worthy (i.e.: non SHA-256^2 baesd) cryptocurrency-coin.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  5. Re:Why is anyone surprised... by Pope · · Score: 4, Informative

    Synology's firmware is updated p. regularly in my few month's experience of owning a DiskStation.

    --
    It doesn't mean much now, it's built for the future.