Security blogs and news sites are reporting that a new botnet has been discovered. Named Persirai, the botnet has a target base of 1,000 different IP camera models. Trend Micro discovered it by finding four command and control servers and tracking them back to the infected devices.
During the analysis of the malware, Trend Micro found that it targets IP cameras, as previous IoT botnets did. Using the Shodan tool, they found at least 120,000 devices on the Internet that could be targets of this malware, because a large number of different camera types have the relevant vulnerability.
Publicly available IP cameras are highly visible targets for variants of IoT malware because they usually use Universal Plug and Play (UPnP) open network protocols. Such protocols are designed to let devices open a port on the router and act as a server, but they also allow access to the device from outside the router or firewall.
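To see which devices have used UPnP to open a router port, a defender can walk the router's port-mapping table. The following is an added example, not code from the original article: it parses replies to the UPnP `GetGenericPortMappingEntry` action and reports enabled mappings that point at watched devices. The SOAP bodies, addresses, descriptions and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: SOAP bodies shaped like a router's replies to
# successive GetGenericPortMappingEntry calls. All addresses are made up.
ENVELOPE = """<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol>
<NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient>
<NewEnabled>{enabled}</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLE_RESPONSES = [
    ENVELOPE.format(ext=81, proto="TCP", port=81, client="192.168.1.50", enabled=1, desc="camera web UI"),
    ENVELOPE.format(ext=6881, proto="UDP", port=6881, client="192.168.1.20", enabled=1, desc="desktop app"),
    ENVELOPE.format(ext=8554, proto="TCP", port=554, client="192.168.1.50", enabled=0, desc="camera RTSP"),
]

def parse_mapping(xml_text):
    """Extract the New* arguments of one port-mapping response into a dict."""
    args = {el.tag: (el.text or "").strip()
            for el in ET.fromstring(xml_text).iter() if el.tag.startswith("New")}
    return {
        "remote_host": args["NewRemoteHost"],      # empty means any Internet host
        "external_port": int(args["NewExternalPort"]),
        "protocol": args["NewProtocol"],
        "internal_client": args["NewInternalClient"],
        "internal_port": int(args["NewInternalPort"]),
        "enabled": args["NewEnabled"] == "1",
        "description": args["NewPortMappingDescription"],
    }

def exposed_devices(responses, watched_hosts):
    """Return enabled mappings that forward Internet traffic to watched hosts."""
    mappings = [parse_mapping(r) for r in responses]
    return [m for m in mappings
            if m["enabled"] and m["internal_client"] in watched_hosts]

if __name__ == "__main__":
    for m in exposed_devices(SAMPLE_RESPONSES, {"192.168.1.50"}):
        print("{protocol} {external_port} -> {internal_client}:{internal_port} "
              "({description})".format(**m))
```

An entry in the result means the router is forwarding that port from the Internet to the device; disabling UPnP on the router or deleting the mapping closes it.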
There is a very large difference between Mirai and Persirai: Mirai uses brute-force login attempts to steal credentials, whereas Persirai uses a zero-day vulnerability made public some months ago.
By exploiting this vulnerability, the botnet owners can get the password file from the camera, which gives them complete authenticated access to the device.