Dreambox Virus Beware

D4ftpunk

Hi guys, just thought I would post this important info here.

Block port 21 on your Dreamboxes and change your passwords; there is a virus going around that exploits the ftpd afaik, and harvests your cwshare.cfg and things.

Also some new files get uploaded, tool2.tar and start.sh, and activity comes from this hostname: satelli1.dyndns.org

Be Careful.
 

T_G

Hi
Can you give us some more details?
 

mhku

But it'll only get people who cardshare ;)

WARNING: virus in Dreams boxes...

------------------------------------------------------------

SPYWARE ONBOARD? VIRUS IN LINUX DREAMBOX?? CHECK YOUR BOX

something is ******* the dreambox when you have port 21 open
how they find you I don't know, maybe because of 1 cw that leads to 100 others and that leads to 100.000 others and so on

when they have hacked you they upload a tarfile 4347_tool2.tar in /var and unpack it in /var/tool2 and then run a script start.sh in /var/tool2 which uses a binary called tvconnector.

who these people are I don't know, what this does I don't know
I do know that it should not be in your dreambox
this could easily be spyware from who knows

my advice to you all is to check your dreambox; if you see one of these files/dirs in your box

FLASH IT

don't take any risk, maybe your box is sending data about your peers
maybe your box is sending data to collect as evidence against you

TO ALL: CHECK YOUR BOXES AND CLOSE THE FTP PORT FOR THE EXTERNAL NETWORK

THIS INFORMATION IS FROM VERY TRUSTED PPL




It's good practice to change the image default password. Anyone trying to ftp or telnet to the box must supply the correct password.

Telnet to your dreambox and type passwd. It will ask for the new password twice. It has to be at least 6 characters long and no more than 8.

source: http://www.gccadm.net/forum/viewtopic.php?t=86874
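
The check described in the warning above, written as a script (an added example, not part of the original thread): it looks for the file and directory names mentioned in the posts and reports whether anything is listening on port 21. The function names `hit` and `check_box` and the search of all of /var for `tvconnector` are assumptions, since the thread does not say where that binary is stored.

```shell
#!/bin/sh
# Added example: look for the artefacts named in this thread on a Dreambox.
# check_box ROOT prints one line per finding and returns 1 if any were found.
# ROOT is "/" on the box itself, or a directory holding a copy of its filesystem.
# The function names and the /var-wide search for tvconnector are assumptions.

hit() { echo "$1"; found=1; }

check_box() {
    root="${1%/}"
    found=0

    # Uploaded archive: "4347_tool2.tar" in one post, "tool2.tar" in another.
    for f in "$root"/var/*tool2.tar; do
        if [ -e "$f" ]; then hit "FOUND archive: $f"; fi
    done

    # Unpack directory and the script started from it.
    if [ -d "$root/var/tool2" ]; then hit "FOUND directory: $root/var/tool2"; fi
    if [ -e "$root/var/tool2/start.sh" ]; then hit "FOUND script: $root/var/tool2/start.sh"; fi

    # Binary used by start.sh; the thread gives no path, so search /var by name.
    for f in $(find "$root/var" -name tvconnector 2>/dev/null); do
        hit "FOUND binary: $f"
    done

    # Running process whose command line mentions tvconnector.
    for c in "$root"/proc/[0-9]*/cmdline; do
        if [ -r "$c" ] && grep -q tvconnector "$c" 2>/dev/null; then
            hit "FOUND process: $c"
        fi
    done

    # Socket listening on TCP port 21 (hex 0015, state 0A = LISTEN).
    if [ -r "$root/proc/net/tcp" ] &&
       awk '$2 ~ /:0015$/ && $4 == "0A" { l = 1 } END { exit !l }' "$root/proc/net/tcp"
    then
        hit "WARNING: something is listening on FTP port 21"
    fi

    return "$found"
}
```

On the receiver, call `check_box /` from a telnet session; a hit on any of the file checks is the situation in which the quoted warning says to reflash.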
 

D4ftpunk

Well I've seen this happen, that's where I got my info from; I watched it as it happened on a friend's box. All we did afterwards was a factory reset using the remote control, then reuploaded the cardshare files (for legal purposes of course) and changed password to something obscure, null routing port 21.
 

CROSSBONES

and changed password to something obscure

Did he have the standard DB pass or was it hacked?
 