Hello, welcome to the Monday, October 3, 2016 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Honolulu, Hawaii.

Just published a quick summary of some of the attacks we are currently seeing against DVRs,

given all the emphasis in the last week about denial of service attacks against DVRs.

Nothing really all that great and new about it.

They're still using standard default passwords accessing the DVR via Telnet and getting in that way.

Not just actually Port 23, also port 2323 is being scanned by these bots.

Probably looking for a couple of DVRs that's listening on off ports. The big problem here are of course home users, not so much enterprise networks, but it's the small networks that

of course don't have a lot of controls. So really things like IDS signatures and such,

don't really make a lot of sense for this kind of threat. Probably best if you're worried about

this to scan your network yourself, figuring out if you have any telnet servers that

you didn't expect in many cases, it's not obvious from the GUI that you have with your DVR

that it has a telnet server listening. So that can be somewhat deceiving. And also, we're talking

here about security camera DVRs,

not the ones that you typically use to record TV shows.

These DVRs are often exposed to remote monitor these DVRs or the security video images.

So that's usually how the Telnet server gets exposed.

The DVR itself often uses also UPNP to auto-configure firewalls.

And of course, on that note, it's also not just these DVRs, it's also cameras themselves

if they do have an IP address.

Nk Xavier wrote up the latest malicious Word file that he came across.

This one sort of attracted his attention because it did use a URL in the user agent,

...