Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Mirai Malware Variant Targets Signage TVs and Presentation Systems (zdnet.com)

Posted by BeauHD on from the target-acquired dept.

An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks have spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, that the malware is using to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today.

The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems. The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems.

21 comments

  1. So, umm... by Locke2005 · · Score: 3, Insightful

    Don't use default password on anything that's connected to the internet? If you can print a serial number on the label, you can print a password on the label too!

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:So, umm... by Anonymous Coward · · Score: 0

      The manufacturer has no way of knowing whether or not you are going to connect it to the internet. That's on you.

    2. Re:So, umm... by Anonymous Coward · · Score: 0

      Yeah, just like Q-Tips has no way to know people are going to stick the product in their ears.

      I mean who would ever connect an internet-enabled device to the internet? We're not savages anymore.

    3. Re:So, umm... by Anonymous Coward · · Score: 0

      You are stupid, that's on you.

    4. Re:So, umm... by Anonymous Coward · · Score: 0

      They go in your ears?

    5. Re:So, umm... by Joe_Dragon · · Score: 1

      password = dots (resets when low battery)

      From time to time you see signs in the demo loop.

      https://www.wired.com/2009/02/...

    6. Re:So, umm... by Anonymous Coward · · Score: 0

      Since the whole idea of IoT crap is to spy on the purchasers, lets just all stop buying crap that connects to the internet when it does not need to do so to function!

    7. Re:So, umm... by Anonymous Coward · · Score: 0

      There are lots of instances where we mandate people perform a certain action because they refuse despite clear evidence they should. This is usually not only for their benefit but for society as well. Current (and hopefully future) examples include seat belts, air bags, electrical safety inspections, professional engineer licensing, vaccinations, school, etc.

      If stupid only killed stupid and the consequence of their death affected only stupid then perhaps you'd have a (not very empathetic) point. But there is a cost to society so we take steps to protect them.

    8. Re:So, umm... by Chris+Mattern · · Score: 1

      They go in your ears?

      Cute joke, but in fact, no, they don't. Sticking a Q-Tip in your ear canal is a good way to puncture your eardrum; Q-Tip packaging contains a warning specifically telling you not to do that.

  2. Found the primary image by Anonymous Coward · · Score: 0

    Goa Tse - We Owned You Country !!!

  3. No presentation systems in Federal prison... by Anonymous Coward · · Score: 0

    Sorry Trump traitors.

    1. Re:No presentation systems in Federal prison... by Anonymous Coward · · Score: 0

      Lookup the Act of 1871. The current defacto government is entirely full of traitors. Lincoln could not dissolve The Constitutional Democratic Republic, so a Federal Municipal Corporation was created entitled THE UNITED STATES (no "of America"). This corporation owns D.C. which is why it's not a state. The corporation was set up to have bylaws similar to the Constitutional governance, but the corps is not beholden to the constitution. Over time the internal bylaws have changed and that's how the government gets away with violating the constitution at every turn.

      In 2004 a group of citizens successfully re-inhabited the seats of government in all 50 states. You won't hear about it on TV, because this means the defacto government, granted under wartime powers, is supposed to step down upon such a time that the seats of the Constitutional Republic are nolonger vacant.

      Trump is a CEO of a corporation entitled THE UNITED STATES - Its subsidiaries are similarly incorporated as states, but are not the state government. No courts have jurisdiction over citizens of the Several States United under the Constitutional Republic. No police have jurisdiction to arrest you. If arrested demand discovery of the arresting officer's oath or affirmation on file with the State or Federal Attorney General. No such document exists, ergo, you will have been wrongfully arrested. If the court presses the matter, point out that you are not in a court of the people of your state, but in a corporate arbitrage. The judge has no jurisdiction as a corporate officer, since you are not an employee of the corps. This means you should also not agree to be bound by the name the clerk calls you as. Say only that you recognize the all caps name as an entity created upon your birth without your consent, and that THE UNITED STATES has given you executive authority over said account, but you are not a corporate fiction, you're a free citizen domiciled in one of the several states.

      This is how rich people get away with murder. Start researching the law and using it. Left or right, I don't care, the sooner you idiots realize there is no way the government can hold you accountable for crimes, the better. Lincoln didn't end slavery, he indentured the entire nation as bonded servants of a corporation to pay off the Civil War Debt with your labour. You don't have an original birth certificate (it is a bond, binding you in servitude), and the original is kept by the state. You don't have to get your children "birth certificates" and bond them into slavery. You'd think social justice simpletons would know this kind of shit, since they hate indentured servitude so much... but they're all deceived.

      The Interim President of the United States of America is President Geiger, not Trump.

    2. Re:No presentation systems in Federal prison... by Anonymous Coward · · Score: 0

      Your "I'm a sovereign citizen" bullshit won't keep you out of prison, numbnuts.

      Most of the people that have tried what you suggest are serving prison sentences, but hey, be my guest.

      Do it- be the man, you just go right ahead and tell that cop who pulled you over to "fuck off", let him know you're not "driving", you're "traveling", and see if that means jack shit to him. (HINT: It won't.)

      Dumbfucks like you want all the privileges that come with society but you want none of the responsibilities, and you can die in a fire, you worthless little pussyfart.

    3. Re:No presentation systems in Federal prison... by Anonymous Coward · · Score: 0

      No courts have jurisdiction over citizens of the Several States United under the Constitutional Republic. No police have jurisdiction to arrest you.

      Whatever you say, you psuedo-libertarian Trumptard dumbfuck.

    4. Re: No presentation systems in Federal prison... by Anonymous Coward · · Score: 0

      Ah yes, the "sovereign citizen"

      Yeah, you can claim that all you want, but it won't do you any good as it won't stop you from getting taken to get boofed by Bubba in the slammer.

      They will take your body no matter what 'facts' you try to present to them. Once that happens, it's game over.

  4. Warning- Javascript malware by Anonymous Coward · · Score: 0

    Disable Javascript to turn off all of the lame paywall overlays with the threat of you have x number of free articles remaining. Text and images will still load fine.

  5. Smart IoT Devices ... by Anonymous Coward · · Score: 0

    What an oxymoron. If they can be compromized so easily then they cannot be very smart can they now?

  6. Presentation Exploits by Anonymous Coward · · Score: 0

    Just imagine the political clout you would have if your virus has the ability to pop up displays of political blackmail on millions of devices around the world.

    News agencies wouldn't air the material if you released it... but I mean, Imagine when now known pedophile Sir Jimmy Savile. In 1978 Johnny Rotten told the truth about the pedophile cult And he was blackballed from media afterwards.

    Imagine if someone like Johnny Rotten had the ability to display heinous shit about top politicians all around the world? Wow! That might be worse than "national security" it might be the fate of the world as we know it in the hands of some poor schmuck with a few exploits and evidence.

    TL;DR: Fuck off and die you pricks. I'm coming for you. I don't care about the shit you do, but get in my way and I will destroy all of you.

    1. Re: Presentation Exploits by Anonymous Coward · · Score: 0

      "it might be the fate of the world as we know it in the hands of some poor schmuck with a few exploits and evidence."

      You mean it will clean the garbage out of politics, getting rid of the bad actors?

      Somehow that dosen't strike fear and terror in me, in fact quite the opposite.

  7. When marketing makes technology choices by LostMyAccount · · Score: 2

    I'd wager a lot of these devices wind up implemented because someone in marketing just had to have a giant TV blasting their propaganda, and bought a gadget they saw advertised or inked some deal with a company who provided the gear "for free".

    The latter is especially pernicious, I've helped implement one for a client that they just love because they can connect to the providers web site and upload their messages, and the device lays it out with a news/weather ticker (and advertising if it was "free").

    It's pernicious because now you have a computer on your network that requires internet connectivity and accepts code and data from the outside over which you have zero control.

    You can implement them safely, but it requires a lot of effort -- a private DMZ-type VLAN dedicated to these displays that can get to the internet but not to the rest of the network. A solution complicated by the fact that where they want to mount them has no wired LAN port but does wireless but can't work with the captive portal for guest access. And that's if the device isn't some dumb hybrid, requiring both local web access for some configuration *and* continuous connectivity to the internet for centrally pushed content.

    Ergo, the security questions and complexity/effort of secure implementation get pushed aside so Karen in marketing can have her propaganda outlet.

    1. Re: When marketing makes technology choices by Anonymous Coward · · Score: 0

      "and the device lays it out with a news/weather ticker (and advertising if it was "free")."

      - "Today there is a 60% chance of thunderstorms. High will be 95F low 67F. Hope "for the family" Johhny Politician dosen't get too wet when he meets his secret gay lover again in the local park restroom tonight!"