Blue Iris 5 - Trojan

[ex0dusk3]

Hello, for the past week or so I use Malwarebytes and lately I keep getting popups stating it blocked some viruses.

Date: 3/25/20 3:54PM
File: C:\Program Files\Blue Iris 5\BlueIris.exe
Category: Trojan
Port: 48181
IP Address: 144.217.34.147
Type: Inbound Connection


I am not sure what this is other than i looked up that IP and it's from Canada.


There have been other IP's along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?

[HeneryH]

Probably just normal bad actors polling to find vulnerable machines.

[Thixotropic]

Probably just normal malware polling to find vulnerable machines.

Probably a good idea to block everything that's not a US IP address.

[lanbrown]

The better option, if you're accessing it remotely say from a phone, you can easily find the external IP address that is used (try google with "what's my ip") and then go to ARIN and put the address in it. You can then find all of the network blocks that the mobile provider has. You could just allow those and thus have a smaller number of IP's that could hit your system. People do port scans in the US as well. You also have TOR exit nodes in the US.

[TimG]

I am not sure what this is other than i looked up that IP and it's from Canada.

There have been other IP's along with that one that have been blocked as well.

Is it someone/thing trying to login to my Blue Iris?

As the other people said, yes they are. If you don't use remote viewing, you could block the port in your router, but otherwise, you could beef up your security by various means.

I have gone the Asus router (With Merlin firmaware) running OpenVpn route, which according to my BI5 logs, completely stopped people from China and Russia attempting to log in to my system. I wasn't getting those alerts from Malwarebytes, so that could be a whole new level of attack

I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a bot net.

[HeneryH]

I'm no expert, but I don't think they are interested in BI5 - they are more interested in searching for things that they can use, for example, your IP cameras, and the possibility of adding them to a bot net.

I think this is right. Just bad actors polling every IP and every port looking for something interesting to exploit. I'm actually surprised you don't have many more of these.