An independent security researcher, Mike Olsen, discovered last week that CCTV cameras were being sold on Amazon with pre-installed malware.
The discovery was made when he visited a friend of his to help him install and customize a kit with external security cameras he had just bought. His friend's overall purchase was six CCTV PoE cameras (Sony's Power Over Ethernet), a DVR, and a PoE switch. Everyone bought it from a reputable store Amazon, which had good customer reviews.
While trying to gain access to the admin panel of the cameras, Mr Olsen discovered that the settings table was empty.
His first thought was that there was a problem with CSS files that prevents the settings from being displayed, so he opened the browser page code to see the development of the program and surprised he found there was a hidden iframe loaded at the bottom of the page , and retrieved content from the Brenz.pl website
Doing a quick search on Google revealed one blog post by 2011, which described how the Brenz.pl domain was used in malware distributions.
Apparently, the domain is still active and used to host dangerous Trojans, which will be downloaded to infected users' computers.
This meant that the newly purchased camera kit monitoringς θα μπορούσε να είναι ανά πάσα στιγμή να μολυνθεί με κακόβουλο software, if the Brenz.pl operator decided to send the malicious code to their DVR via the hidden iframe.
But if the Breza.pl domain was already in the kit firmware, then there might be other more malicious malware in its code.
So we recommend paying special attention if you want to buy this product
