Blue Iris 5 - Trojan

ex0dusk3
Posts: 3
Joined: Wed Mar 25, 2020 8:58 pm

Blue Iris 5 - Trojan

Post by ex0dusk3 »

Hello, for the past week or so I use Malwarebytes and lately I keep getting popups stating it blocked some viruses.

Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
Category: Trojan
Port: 48181
IP Address: 144.217.34.147
Type: Inbound Connection


I am not sure what this is other than I looked up that IP and it's from Canada.


There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Blue Iris 5 - Trojan

Post by HeneryH »

Probably just normal bad actors polling to find vulnerable machines.
Last edited by HeneryH on Fri Mar 27, 2020 1:35 pm, edited 1 time in total.
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Re: Blue Iris 5 - Trojan

Post by Thixotropic »

HeneryH wrote: Thu Mar 26, 2020 4:31 pm Probably just normal malware polling to find vulnerable machines.
Probably a good idea to block everything that's not a US IP address.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
lanbrown
Posts: 4
Joined: Mon Feb 03, 2020 6:31 am

Re: Blue Iris 5 - Trojan

Post by lanbrown »

The better option, if you're accessing it remotely, say from a phone: you can easily find the external IP address that is used (try Google with "what's my ip") and then go to ARIN and put the address in it. You can then find all of the network blocks that the mobile provider has. You could just allow those and thus have a smaller number of IPs that could hit your system. People do port scans in the US as well. You also have Tor exit nodes in the US.
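Added example, not part of lanbrown's post or anyone else's in this thread: a Python sketch that parses alerts in the layout shown in the first post and checks each source address against an allowlist of carrier netblocks, as suggested above. The netblocks are documentation-range placeholders rather than any real carrier's, and every sample alert except the first is constructed.

```python
import ipaddress
import re

# Constructed sample in the alert layout from the first post. Only the first
# entry's values come from the thread; the rest are made-up test data.
SAMPLE_ALERTS = r"""Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
IP Address: 144.217.34.147
Type: Inbound Connection

IP Address: 198.51.100.200

IP Address: 203.0.113.9

IP Address: not-an-ip
"""

# Hypothetical allowlist: documentation ranges standing in for the netblocks
# that a registry lookup (e.g. ARIN) returns for your own mobile carrier.
CARRIER_BLOCKS = ["198.51.100.0/25", "198.51.100.128/25", "2001:db8:40::/48"]

def parse_alerts(text):
    """Split on blank lines; turn each 'Key: value' line into a dict entry."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l) for b in blocks]

def build_allowlist(cidrs):
    """Validate CIDRs (host bits set is an error) and merge adjacent blocks."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def classify(alerts, allowlist):
    """Sort alert source addresses into allowed / denied / unparsed."""
    result = {"allowed": [], "denied": [], "unparsed": []}
    for alert in alerts:
        raw = alert.get("IP Address", "").strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            result["unparsed"].append(raw)  # never treat a bad field as allowed
            continue
        inside = any(ip.version == n.version and ip in n for n in allowlist)
        result["allowed" if inside else "denied"].append(str(ip))
    return result
```

Running `classify(parse_alerts(SAMPLE_ALERTS), build_allowlist(CARRIER_BLOCKS))` shows which logged sources would still reach the service under the allowlist; the merged list from `build_allowlist` is what you would enter as the permitted remote ranges in a router or host firewall.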
TimG
Posts: 2098
Joined: Tue Jun 18, 2019 10:45 am
Location: Nottinghamshire, UK.

Re: Blue Iris 5 - Trojan

Post by TimG »

I am not sure what this is other than I looked up that IP and it's from Canada.

There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?
As the other people said, yes they are. If you don't use remote viewing, you could block the port in your router, but otherwise, you could beef up your security by various means.

I have gone the Asus router (with Merlin firmware) running OpenVPN route, which according to my BI5 logs, completely stopped people from China and Russia attempting to log in to my system. I wasn't getting those alerts from Malwarebytes, so that could be a whole new level of attack :shock:

I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a bot net.
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Blue Iris 5 - Trojan

Post by HeneryH »

TimG wrote: Sat Mar 28, 2020 10:23 am I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a bot net.
I think this is right. Just bad actors polling every IP and every port looking for something interesting to exploit. I'm actually surprised you don't have many more of these.