flat assembler
Message board for the users of flat assembler.

Index > Heap > DVR's being turned into multi-functional bots

Author
Thread Post new topic Reply to topic
kalambong



Joined: 08 Nov 2008
Posts: 165
kalambong
https://isc.sans.edu/forums/diary/More+Device+Malware+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+and+now+with+Bitcoin+Miner+/17879

Unknown thousands (perhaps more) of DVRs, particularly those made by hikvision, have been compromised and turned into online bots tasked with two objectives.

1. Bitcoin mining

2. Exploiting port 5000 vulnerability on the Synology Disk Stations

BTW, this is not an April's Fool joke. This is real.

The malwares are precompiled ARM-binaries.
Post 01 Apr 2014, 12:02
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8903
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
this is interesting, afaik, the cpu that running DVR are nearly the power of 486 or maybe less,
really wonder how much btc they could mine, let say with 1000 affected dvr?
Post 01 Apr 2014, 17:06
View user's profile Send private message Reply with quote
kalambong



Joined: 08 Nov 2008
Posts: 165
kalambong
sleepsleep wrote:
this is interesting, afaik, the cpu that running DVR are nearly the power of 486 or maybe less,
really wonder how much btc they could mine, let say with 1000 affected dvr?
The one which are running the malwares have ARM-based microprocessors, as the malware are procompiled ARM-binaries.
Post 01 Apr 2014, 22:39
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8903
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
i don't get it, why they want to use it to mine BTC, and how much BTC they could cram from that arm processor?
Post 01 Apr 2014, 23:03
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
It depends upon which ARM implementation they are using. The latest octo-core at 2+GHz could process quite reasonably with the hardware hash instructions. Much more than a 486, and closer to i3/i5 I'd expect.


Last edited by revolution on 02 Apr 2014, 06:45; edited 1 time in total
Post 01 Apr 2014, 23:49
View user's profile Send private message Visit poster's website Reply with quote
Tyler



Joined: 19 Nov 2009
Posts: 1216
Location: NC, USA
Tyler
Either way, CPU mining isn't going to get them very far. I got less than 10MH/s on my i7 3610QM, and 10MH/s is a joke. Assuming the ARM chips in those DVRs are half of my i7 (and I would think that's an overestimate), they'd have to have 66 DVR's just to equal a $30 USB miner you can buy on Amazon. As long as they don't get caught and thrown in jail, it's profitable, but only because they aren't paying for the hardware or power; they aren't getting rich.

Using this calculator, even if they have 50 GH/s or 10,000 DVRs by the above estimate, they would make less than $3/day. http://www.bitcoinx.com/profit/ (Make sure you set hardware costs and power costs to 0, if you want to try it yourself.)

Now, this is assuming they don't have access to a video processor that could be used for computation. Mining's all about tons of weak slow cores and if they could use the video processor like a GPU, then my estimates could be way low.
Post 02 Apr 2014, 03:44
View user's profile Send private message Reply with quote
Dr F



Joined: 01 Apr 2014
Posts: 239
Location: Berehove, Ukraine
Dr F
Haa haa, realy funny.

that is a joke but indeed usually some sorta errors or so are put into system.

_________________
Best location where I Harden, shall be the most beautifull Garden
Post 02 Apr 2014, 06:07
View user's profile Send private message Reply with quote
badc0de02



Joined: 25 Nov 2013
Posts: 216
Location: %x
badc0de02
why are now so many ridiculous post about jokes or no jokes
Post 02 Apr 2014, 06:40
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8903
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
tyler,
i tried to get more information about those dvr specification, i "guess", maybe only those high spec would include special gpu for maybe facial recognition or etc graphic intensive based processing.

btw, if one use angry ping to scan list of ip with port 80 open, there are actually lots of open CCTV with default username and password.
Post 03 Apr 2014, 03:16
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.