I had a nasty time recently trying to upgrade my 2 Zees to the latest HS3 pi software and kept getting a trojan that took over my machine.
Here is the description the trojan: https://www.tobsan.se/update/2017/11/06/rpi-trojan.html
So here is what I found out. The current RPI image does not change the default user/password from pi/raspberry. As soon as you open port 22 on your router and point it to the Zee, you will be infected very quickly. In my case, before I figured out what was going on, I re-imaged my SD cards about 4 times, booted them up on a network with port 22 forwarded to the pi and was infected every time within 4 hours. This trojan sets your Zee up to become and IrC bot and the remote hacker has complete control.
Solution: Don't open port 22 on your router to remote SSH to the Zee OR change the default user pi password before you do.
Hope this helps someone.
PS. To see if you already may be affected, SSH to your machine, navigate to /opt and issue a dir command. If you see a funny 8 character script you are infected. In my case, I only see two files: HomeSeer and vc.
Here is the description the trojan: https://www.tobsan.se/update/2017/11/06/rpi-trojan.html
So here is what I found out. The current RPI image does not change the default user/password from pi/raspberry. As soon as you open port 22 on your router and point it to the Zee, you will be infected very quickly. In my case, before I figured out what was going on, I re-imaged my SD cards about 4 times, booted them up on a network with port 22 forwarded to the pi and was infected every time within 4 hours. This trojan sets your Zee up to become and IrC bot and the remote hacker has complete control.
Solution: Don't open port 22 on your router to remote SSH to the Zee OR change the default user pi password before you do.
Hope this helps someone.
PS. To see if you already may be affected, SSH to your machine, navigate to /opt and issue a dir command. If you see a funny 8 character script you are infected. In my case, I only see two files: HomeSeer and vc.
Comment