Yoosee Doorbell Trojan

k1s (New Member; joined Jan 26, 2021; messages: 5; reaction score: 0)

As soon as I connected my Yoosee Doorbell the router reported the following Trojan:

A Network Trojan was Detected
ET MALWARE
A Network Trojan was Detected
Destination IP: 101.33.11.48, 101.33.10.114
"ET MALWARE Suspicious User-Agent (GeneralDownloadApplication)"; http_user_agent; depth:26; isdataat:!1,relative; classtype:trojan-activity; sid:2025092; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2011_07_06, deployment Perimeter, former_category USER_AGENTS, signature_severity Major, tag User_Agent, updated_at 2020_09_15


What is the appropriate response to this report?
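
The match options quoted in the alert above amount to an exact comparison on the HTTP User-Agent header. The sketch below is an added example, not part of the original post or of the rule file. It assumes the rule's content string, which the quoted fragment omits, is the 26-byte name in the rule message; the sample requests are constructed.

```python
# Added example: models the match options quoted in the alert (sid:2025092).
# Assumption: the rule's content string, not shown in the fragment, is the
# 26-byte name in its message; that length is what makes depth:26 fit exactly.
RULE_CONTENT = b"GeneralDownloadApplication"
DEPTH = 26

def user_agent_of(raw_request):
    """Return the User-Agent value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            return value.strip()
    return None

def rule_matches(user_agent):
    """Apply http_user_agent + depth:26 + isdataat:!1,relative to one header."""
    if user_agent is None:
        return False
    # depth:26 -> the content must lie within the first 26 bytes of the buffer.
    pos = user_agent[:DEPTH].find(RULE_CONTENT)
    if pos < 0:
        return False
    # isdataat:!1,relative -> no byte may follow the end of the match.
    return len(user_agent) == pos + len(RULE_CONTENT)

def triage(requests):
    """Return (User-Agent, matched) for each captured request."""
    return [(user_agent_of(r), rule_matches(user_agent_of(r))) for r in requests]

# Constructed sample requests (not captured from a real device).
SAMPLES = [
    b"GET /fw HTTP/1.1\r\nHost: update.example\r\nUser-Agent: GeneralDownloadApplication\r\n\r\n",
    b"GET /fw HTTP/1.1\r\nHost: update.example\r\nUser-Agent: GeneralDownloadApplication/2.0\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: update.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: update.example\r\n\r\n",
]

if __name__ == "__main__":
    for ua, hit in triage(SAMPLES):
        print(f"{ua!r:45} alert={hit}")
```

Under that assumption the signature keys on the header string alone, so the alert identifies which client string made the request rather than what was transferred.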
 
So I blocked outbound internet traffic from the doorbell's IP address and the device becomes unreachable ("disconnected") in the Yoosee app. As soon as I unblock it again, the same warning appears from the router threat prevention software, this time with IP addresses: 101.33.11.29, 101.33.10.52, and 101.33.11.45

All these are registered to IRT-ACEVILLEPTELTD-SG, 16 COLLYER QUAY, # 18-29, INCOME AT RAFFLES, SINGAPORE.

Why would it be necessary for the doorbell to be trying to contact these IPs to be able to function?

What are the appropriate firewall rules to set to prevent malware but enable this doorbell to function properly?
 
So it seems that if I open ports 51700, 51880, 51881, and 8787, but geographically restrict access to sources from only, say, the UK, it doesn't work. If I restrict access to IP addresses from Singapore it does work. It seems therefore that this company insists on continual access from Singapore.

What are you doing with this traffic?
 
Hi
I have exactly the same problem.
Traffic is filtered out as malware.
Please explain what is sent and why.
 