A virus? On my Tivo?!?!

**djl** · 02-26-2012, 04:37 PM

I was remotely working on my HD recently, and forgot to close the telnet port on my router when I was done. The next day I had some trouble connecting to Tivowebplus, so I did a ps to see if it was running or not. There must have been a couple of dozen rogue processes, all spawned by some files in /var/run with names like 'mipsd', 'shd', and 'mipsel.' Some botnet had found its way in and was trying to turn my Tivo into a spam zombie! It was easy enough to clean: I killed the top entry, deleted the files in /var/run and rebooted. Hopefully, this thing didn't actually manage to send any messages. Considering that there are a bunch of viruses that target embedded devices that run linux (like routers, for example), who's to say that a different bot wouldn't be able to do some major damage?

The moral: don't be a bonehead like me! Never leave a command port open to the world!

**stevel** · 02-29-2012, 02:38 PM

What? Can't be true. We all know Linux doesn't get viruses!

**Omikron** · 03-08-2012, 01:29 AM

Wow! I wonder if that's the first case of an infected TiVo!

Congrats! :-)

**captain_video** · 03-10-2012, 10:14 AM

If it becomes contagious we'll know where to look for patient zero.

**djl** · 03-10-2012, 12:02 PM

Originally Posted by captain_video

If it becomes contagious we'll know where to look for patient zero.

LOL... it was worse than I thought, by the way. It got on my router and the two went back and forth reinfecting each other for a while. Eventually I had to do an emergency reinstall on the Tivo. The bot was aidra and it is NASTY piece of work.

**stevel** · 03-10-2012, 07:04 PM

Fascinating - had not heard of this one. Saw one writeup at http://issviews.com/blog/warning-aid...-hydra-botnet/

Thread: A virus? On my Tivo?!?!

Thread Tools

Rate This Thread

Display

A virus? On my Tivo?!?!

Tags for this Thread

Posting Permissions