Blue Iris 5 - Trojan

ex0dusk3
Posts: 1
Joined: Wed Mar 25, 2020 8:58 pm

Blue Iris 5 - Trojan

Post by ex0dusk3 » Wed Mar 25, 2020 10:24 pm

Hello, for the past week or so I use Malwarebytes and lately I keep getting popups stating it blocked some viruses.

Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
Category: Trojan
Port: 48181
IP Address: 144.217.34.147
Type: Inbound Connection


I am not sure what this is, other than I looked up that IP and it's from Canada.

There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to log in to my Blue Iris?

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: Blue Iris 5 - Trojan

Post by HeneryH » Thu Mar 26, 2020 4:31 pm

Probably just normal bad actors polling to find vulnerable machines.
Last edited by HeneryH on Fri Mar 27, 2020 1:35 pm, edited 1 time in total.

Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

Re: Blue Iris 5 - Trojan

Post by Thixotropic » Thu Mar 26, 2020 11:11 pm

HeneryH wrote:
Thu Mar 26, 2020 4:31 pm
Probably just normal malware polling to find vulnerable machines.
Probably a good idea to block everything that's not a US IP address.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

lanbrown
Posts: 3
Joined: Mon Feb 03, 2020 6:31 am

Re: Blue Iris 5 - Trojan

Post by lanbrown » Thu Mar 26, 2020 11:26 pm

The better option, if you're accessing it remotely, say from a phone: you can easily find the external IP address that is used (try Google with "what's my ip") and then go to ARIN and put the address in it. You can then find all of the network blocks that the mobile provider has. You could just allow those and thus have a smaller number of IPs that could hit your system. People do port scans in the US as well. You also have Tor exit nodes in the US.
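
An added example, not part of any post in this thread and not Blue Iris or Malwarebytes code: the allowlist approach described above, checked against block reports in the layout quoted in the first post. The CIDR blocks are constructed placeholders from documentation ranges, and `parse_report`, `load_allowlist` and `classify` are hypothetical helper names.

```python
import ipaddress

# Constructed placeholders (RFC 5737 ranges) standing in for the carrier
# network blocks you would copy from an ARIN lookup.
ALLOWED_BLOCKS = ["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25"]

# First record is the one quoted in the thread; the other two are constructed.
SAMPLE_REPORT = r"""
Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
Category: Trojan
Port: 48181
IP Address: 144.217.34.147
Type: Inbound Connection

Port: 48181
IP Address: 203.0.113.200

Port: 48181
IP Address: not-an-ip
"""

def parse_report(text):
    """Split blank-line separated records into dicts of 'Key: value' fields."""
    records = []
    for chunk in text.strip().split("\n\n"):
        fields = {}
        for line in chunk.splitlines():
            # Split on the first ': ' only, so 'C:\...' and '3:54PM' survive.
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        records.append(fields)
    return records

def load_allowlist(blocks):
    """Parse CIDR strings and merge adjacent or overlapping blocks."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocks))

def classify(records, networks):
    """Return (ip, verdict) per record: 'allow', 'deny' or 'invalid'."""
    results = []
    for rec in records:
        raw = rec.get("IP Address", "")
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            results.append((raw, "invalid"))
            continue
        results.append((raw, "allow" if any(addr in n for n in networks) else "deny"))
    return results
```

Running `classify(parse_report(SAMPLE_REPORT), load_allowlist(ALLOWED_BLOCKS))` shows which logged sources an allowlist built from those blocks would still let through, which is a useful check before entering the blocks in a router or firewall rule.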

TimG
Posts: 452
Joined: Tue Jun 18, 2019 10:45 am
Location: Nottinghamshire, UK.

Re: Blue Iris 5 - Trojan

Post by TimG » Sat Mar 28, 2020 10:23 am

I am not sure what this is, other than I looked up that IP and it's from Canada.

There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to log in to my Blue Iris?
As the other people said, yes they are. If you don't use remote viewing, you could block the port in your router, but otherwise, you could beef up your security by various means.

I have gone the Asus router (with Merlin firmware) running OpenVPN route, which according to my BI5 logs, completely stopped people from China and Russia attempting to log in to my system. I wasn't getting those alerts from Malwarebytes, so that could be a whole new level of attack :shock:

I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a botnet.
Blue Iris v5.2.3.0 | Win10 Pro x64 | Dahua IPC-HDW5231R-ZE, Foscam R2, Ertech 4MP, 2 analogue cameras on Euresys Picolo Pro 2 | FX-8350 AMD Piledriver CPU, 32GB Ram, Multiple SSD and HD| Homeseer HS3(4) Pro | TVMosaic | Emby | DVBViewer |

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: Blue Iris 5 - Trojan

Post by HeneryH » Sat Mar 28, 2020 3:01 pm

TimG wrote:
Sat Mar 28, 2020 10:23 am
I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a botnet.
I think this is right. Just bad actors polling every IP and every port looking for something interesting to exploit. I'm actually surprised you don't have many more of these.
