Blue Iris 5 - Trojan

Posted: Wed Mar 25, 2020 10:24 pm
by ex0dusk3
Hello, for the past week or so I have been using Malwarebytes, and lately I keep getting popups stating it blocked some viruses.

Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
Category: Trojan
Port: 48181
IP Address: 144.217.34.147
Type: Inbound Connection


I am not sure what this is other than I looked up that IP and it's from Canada.

There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?

Re: Blue Iris 5 - Trojan

Posted: Thu Mar 26, 2020 4:31 pm
by HeneryH
Probably just normal bad actors polling to find vulnerable machines.

Re: Blue Iris 5 - Trojan

Posted: Thu Mar 26, 2020 11:11 pm
by Thixotropic
HeneryH wrote: Thu Mar 26, 2020 4:31 pm Probably just normal malware polling to find vulnerable machines.
Probably a good idea to block everything that's not a US IP address.

Re: Blue Iris 5 - Trojan

Posted: Thu Mar 26, 2020 11:26 pm
by lanbrown
The better option, if you're accessing it remotely, say from a phone: you can easily find the external IP address that is used (try Google with "what's my ip") and then go to ARIN and put the address in it. You can then find all of the network blocks that the mobile provider has. You could just allow those and thus have a smaller number of IPs that could hit your system. People do port scans in the US as well. You also have Tor exit nodes in the US.
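The allowlist approach described in the post above, as an added example that is not part of the original thread: it merges a set of provider network blocks and checks inbound source addresses against them. The block list is constructed from documentation ranges as a stand-in for what an ARIN lookup would return, and every function and variable name is hypothetical.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 / RFC 3849 documentation ranges) for the
# network blocks an ARIN lookup of your phone's external IP would return.
CARRIER_BLOCKS = [
    "198.51.100.0/25",
    "198.51.100.128/25",  # adjacent to the block above, merges into one /24
    "203.0.113.0/24",
    "203.0.113.64/26",    # already covered by the /24, dropped on collapse
    "2001:db8:100::/48",
]


def build_allowlist(cidrs):
    """Parse CIDR strings and merge overlapping or adjacent blocks."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def is_allowed(source_ip, allowlist):
    """True if source_ip falls inside any allowlisted block."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return False  # unparseable source: treat as not allowed
    return any(addr.version == net.version and addr in net for net in allowlist)


def triage(sources, allowlist):
    """Split observed inbound source addresses into allowed and blocked."""
    result = {"allowed": [], "blocked": []}
    for src in sources:
        result["allowed" if is_allowed(src, allowlist) else "blocked"].append(src)
    return result


# Inbound sources: the address from the first post plus constructed samples.
OBSERVED = ["144.217.34.147", "198.51.100.200", "203.0.113.70",
            "2001:db8:100::5", "2001:db8:200::5", "not-an-ip"]

if __name__ == "__main__":
    allow = build_allowlist(CARRIER_BLOCKS)
    print("Allowlist:", ", ".join(str(n) for n in allow))
    print(triage(OBSERVED, allow))
```

The merged list is what would go into the firewall rule's remote-address scope for the Blue Iris port; anything outside it never reaches the login page.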

Re: Blue Iris 5 - Trojan

Posted: Sat Mar 28, 2020 10:23 am
by TimG
I am not sure what this is other than I looked up that IP and it's from Canada.

There have been other IPs along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?
As the other people said, yes they are. If you don't use remote viewing, you could block the port in your router, but otherwise, you could beef up your security by various means.

I have gone the Asus router (with Merlin firmware) running OpenVPN route, which according to my BI5 logs, completely stopped people from China and Russia attempting to log in to my system. I wasn't getting those alerts from Malwarebytes, so that could be a whole new level of attack :shock:

I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a botnet.

Re: Blue Iris 5 - Trojan

Posted: Sat Mar 28, 2020 3:01 pm
by HeneryH
TimG wrote: Sat Mar 28, 2020 10:23 am I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a bot net.
I think this is right. Just bad actors polling every IP and every port looking for something interesting to exploit. I'm actually surprised you don't have many more of these.