ELF_IMEIJ.A the DDoS Malware

A new malware targeting Linux-based Internet of Things (IoT) devices known as ELF_IMEIJ.A targets vulnerabilities identified in surveillance cameras produced by the company AVTech to carry out DDoS attacks.

Threat ID:: CC-1271
Category:: Botnet
Threat Severity:: Low
Threat Vector:: Exploit
Published:: 16 March 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Threat details

The points of entry for this malware are devices that support the AVTech cloud environment, specifically IP cameras, CCTV and network recorders.

Vulnerable IoT devices are identified via cig-bin scripts that will ping IP addresses on a network until it finds a weak spot. Once identified it exploits the CloudSetup.cgi and executes a command injection which will then result in the malware being downloaded.

After successful installation the file’s permissions are then changed to execute the file locally and perform the DDoS attack. It’s been identified that all passwords on AVTech products are stored in clear text and an attacker will have the ability to see all of the passwords stored on the device.

Remediation steps

Type	Step
	Identify whether there is a presence of any AVTech products. Look to ensure that any AVTech products are excluded from the main network and any access from the internet. Ensure that default passwords on all devices are changed.

Last edited: 17 February 2020 11:30 am