If you are using AVTECH Equipment with firmware prior to 20 March 2017, most likely it’d been infected with ELF_IMEIJ (IMEIJ ) Malware or is about to get infected.
There’s no stopping the malware as every infected system will continue to search for other uninfected system and infect them with the Malware.
We had sent alerts to all customers on mailing list on 20 March 2017.
You can read up more about it here also.
If your equipment is an older AVTECH equipment that had been discontinued by AVTECH, there’s no longer any firmware upgrades from AVTECH that will fix the vulnerabilities that prevent future infection.
We had stop using AVTECH Equipment since 2015 and have currently no AVTECH system under warranty anymore.
For customers on maintenance/subscription plan, their equipment had already been replaced by non AVTECH equipment since 2016.
As we have no longer any customers using AVTECH equipment under warranty/maintenance/subscription and there’s no easy way to identify if the problems are caused by the malware infection or by faulty hardware, support for AVTECH equipment will cease.
You have the following replacement or repair options to fix the system.
1. Replace the Equipment with newer equipment. (Recommended)
We are currently running a replacement program and will waived off onsite replacement charges and router configuration charges for customers who purchased equipment with technical support (EQCS-Packages Only).
Offer for free replacement/configuration till 7th April 2017.
Refer to the following Links for Replacement Options.
2. Reload the firmware and reconfigure the system yourself
Flash the firmware with an uninfected copy of the firmware and unplugged the system from the internet.
You can use it for local recording. Connecting it back to internet for remote viewing will lead to the malware infection again as there is no security fix for that from AVTECH.
You can refer to this link for the guide/links to downl oad the firmware.
There’ll not be any support for this. Do refer to the guide or refer to our FAQ. (http://www.lakson.com.sg/ticket/kb)
3. Engage us to do the firmware reload.
Please place an order for the services here.
Do note that there is NO SUPPORT for this. We will reload the firmware and check if the system is recording. The system will still have to be disconnected from the internet as it will be infected by the malware again if it is plug into the internet after reloading the firmware.
As mentioned before, as there is no easy way to identify if the problems are caused by the malware infection or by faulty hardware, we will no longer support AVTECH equipment as we no longer have any customers under warranty/maintenance/subscription whom are using AVTECH equipment as we had stop using AVTECH equipment since 2015.
Please choose from the above 3 options and click on the link to see the guides/place the order for replacement/services.
If you would like to receive security alerts/promotions, please subscribe to our mailing list, otherwise you may miss out on important updates/alerts.
Here’s some symptom that you might face if your system is infected by the malware. Not all infected system will exhibit symptoms. Some may appear to work properly with the malware running in the background.
- Slow down of your network
- Unable to login to your AVTECH CCTV System
- Restarting of AVTECH CCTV system works only temporary.
- Network Settings of your AVTECH DVR/NVR/IP Camera changes to some weird settings.
What the malware will do
“The points of entry for this new Linux malware are connected AVTech devices such as IP cameras, CCTV equipment, and network recorders that support the AVTech cloud. Once the malware is installed onto the device, it gathers system information and network activity data. It can also execute shell commands from the malicious actor, initiate Distributed Denial of Service (DDoS) attacks, and terminate itself,” the researchers explain.
The attacker will have full control of your system and will be able to monitor data in your network. It might allow them to copy files from insecure file servers in your network as well.