Do we have a Boinc virus?

Message boards : Number crunching : Do we have a Boinc virus?

1 · 2 · 3 · 4 . . . 27 · Next

Author	Message
Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240169 - Posted: 31 Jan 2006, 6:01:01 UTC Last modified: 31 Jan 2006, 6:06:14 UTC
	Something interesting came up on Team Starfire. A Non Seti member had a problem with "setiathome_4.18_windows_intelx86.exe" running in the background and couldn't get rid of it. After doing a lot of searching we found that it was hidden in his system32 folder and the exe was renamed to "wupdmgr1.exe" Someone went to a lot of trouble to hide everything. We found out the user that is getting the credits and his stats are very interesting. http://setiathome.berkeley.edu/team_display.php?teamid=122736 A one user team and ranked 10th in the world. What do you think? edit: had the wrong url posted. >Fred ____________ http://www.teamstarfire.org/
	ID: 240169 ·

Shadowcats Volunteer tester Send message Joined: 22 Sep 03 Posts: 36 Credit: 146,467 RAC: 0	Message 240170 - Posted: 31 Jan 2006, 6:05:33 UTC
	Ummm can't see This user has chosen not to show information about their computers. :( ____________ G'day from.....
	ID: 240170 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240171 - Posted: 31 Jan 2006, 6:07:06 UTC - in response to Message 240170.
	Ummm can't see This user has chosen not to show information about their computers. :( Try it now. I had the wrong URL posted. ____________ http://www.teamstarfire.org/
	ID: 240171 ·

Shadowcats Volunteer tester Send message Joined: 22 Sep 03 Posts: 36 Credit: 146,467 RAC: 0	Message 240174 - Posted: 31 Jan 2006, 6:16:57 UTC
	Yup see it now thanks but he/she has compys hidden so who knows how many they have would be an idea if someone could find this out something doesn't add up to me i did read the Team Starfire thread very interesting. ____________ G'day from.....
	ID: 240174 ·

Prognatus Send message Joined: 6 Jul 99 Posts: 1600 Credit: 391,546 RAC: 0	Message 240175 - Posted: 31 Jan 2006, 6:17:39 UTC
	Did he download BOINC from download.com or directly from Berkeley?
	ID: 240175 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240176 - Posted: 31 Jan 2006, 6:20:35 UTC - in response to Message 240175.
	Did he download BOINC from download.com or directly from Berkeley? He didn't even know what Boinc or Seti was. He just noticed the files were using his CPU time. ____________ http://www.teamstarfire.org/
	ID: 240176 ·

Kinguni Volunteer tester Send message Joined: 15 Feb 00 Posts: 239 Credit: 9,043,007 RAC: 14	Message 240177 - Posted: 31 Jan 2006, 6:21:32 UTC - in response to Message 240175.
	Did he download BOINC from download.com or directly from Berkeley? He didn't download it at all. It installed without his permission under a different name, made to look like it's the Windows Update service. ____________ Join Team Starfire BOINC Chat
	ID: 240177 ·

Shadowcats Volunteer tester Send message Joined: 22 Sep 03 Posts: 36 Credit: 146,467 RAC: 0	Message 240180 - Posted: 31 Jan 2006, 6:25:30 UTC
	Reading the Starfire thread has he actually asked his brother if he installed it and didn't want him knowing about it? just a thought........ ____________ G'day from.....
	ID: 240180 ·

Misfit Volunteer tester Send message Joined: 21 Jun 01 Posts: 21680 Credit: 2,443,662 RAC: 0	Message 240184 - Posted: 31 Jan 2006, 6:28:53 UTC Last modified: 31 Jan 2006, 6:38:20 UTC
	Interesting process name - wupdmgr.exe According to Boinc Stats he has 13 hosts, and more info. Here are his computers on CPDN.
	ID: 240184 ·

Prognatus Send message Joined: 6 Jul 99 Posts: 1600 Credit: 391,546 RAC: 0	Message 240185 - Posted: 31 Jan 2006, 6:30:32 UTC - in response to Message 240177. Last modified: 31 Jan 2006, 6:40:40 UTC
	He didn't download it at all. It installed without his permission under a different name, made to look like it's the Windows Update service. Did he get an email from "Microsoft" with a link to "Windows Update"? If so, he probably got a virus. Microsoft doesn't send out emails like that. A friend of mine followed such a link and had to reformat his entire drive to get rid of the virus.
	ID: 240185 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240186 - Posted: 31 Jan 2006, 6:30:54 UTC - in response to Message 240180.
	Reading the Starfire thread has he actually asked his brother if he installed it and didn't want him knowing about it? just a thought........ I think he would have recognized the name if it was his brother. He is from Canada and the account is in Germany. ____________ http://www.teamstarfire.org/
	ID: 240186 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240187 - Posted: 31 Jan 2006, 6:31:55 UTC - in response to Message 240184. Last modified: 31 Jan 2006, 6:38:20 UTC
	Interesting process name - wupdmgr.exe I see what you mean! ____________ http://www.teamstarfire.org/
	ID: 240187 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,824,597 RAC: 8,439	Message 240203 - Posted: 31 Jan 2006, 6:58:13 UTC - in response to Message 240184.
	Interesting process name - wupdmgr.exe According to Boinc Stats he has 13 hosts, and more info. Here are his computers on CPDN. Nice work Misfit! For 13 host that's a nice RAC, 121,566 and today was a bad day. ____________ http://www.teamstarfire.org/
	ID: 240203 ·

Paul D. Buck Volunteer tester Send message Joined: 19 Jul 00 Posts: 3898 Credit: 1,158,042 RAC: 0	Message 240218 - Posted: 31 Jan 2006, 8:27:04 UTC
	Very interesting ... quite an exploit ... :( I wonder if this would be a good canditate for: Total Credit => 0 ... ____________
	ID: 240218 ·

MikeSW17 Volunteer tester Send message Joined: 3 Apr 99 Posts: 1603 Credit: 2,700,523 RAC: 0	Message 240223 - Posted: 31 Jan 2006, 8:52:15 UTC
	The subject of Virii always elicits a very emotional and often panic reaction. Before taking this discussion further, It is very important to note that BOINC itself hasn't any virus characterics, but, like any program, it can be the payload carried by a true virus or other exploit. Whatever the outcome of this issue, BOINC is entirely blameless. ____________
	ID: 240223 ·

Paul D. Buck Volunteer tester Send message Joined: 19 Jul 00 Posts: 3898 Credit: 1,158,042 RAC: 0	Message 240224 - Posted: 31 Jan 2006, 9:00:45 UTC - in response to Message 240223.
	The subject of Virii always elicits a very emotional and often panic reaction. Before taking this discussion further, It is very important to note that BOINC itself hasn't any virus characterics, but, like any program, it can be the payload carried by a true virus or other exploit. Whatever the outcome of this issue, BOINC is entirely blameless. Oh, sure... no argument there ... ____________
	ID: 240224 ·

Kinguni Volunteer tester Send message Joined: 15 Feb 00 Posts: 239 Credit: 9,043,007 RAC: 14	Message 240227 - Posted: 31 Jan 2006, 9:11:49 UTC - in response to Message 240223.
	It is very important to note that BOINC itself hasn't any virus characterics, but, like any program, it can be the payload carried by a true virus or other exploit. Whatever the outcome of this issue, BOINC is entirely blameless. Of course. This was done by more than one user with classic SETI as well. ____________ Join Team Starfire BOINC Chat
	ID: 240227 ·

Mr.Pernod Volunteer tester Send message Joined: 8 Feb 04 Posts: 350 Credit: 1,015,988 RAC: 0	Message 240235 - Posted: 31 Jan 2006, 10:17:58 UTC
	Seen the same thing happening with FaH. Some people find it usefull to make programs like FaH or SETI part of selfextracting/installing archives distributed via p2p networks. So it is most like it was just a simple p2p-download (which the 'victim' most likely will not admit too) that installed SETI.
	ID: 240235 ·

Crunch3r Volunteer tester Send message Joined: 15 Apr 99 Posts: 1540 Credit: 3,302,157 RAC: 0	Message 240237 - Posted: 31 Jan 2006, 10:37:11 UTC - in response to Message 240218.
	Very interesting ... quite an exploit ... :( I wonder if this would be a good canditate for: Total Credit => 0 ... I agree with you Paul. Furthermore i would consider deleting the accout as an option. ____________ Join BOINC United now! Auto eVB \| Autoversicherung
	ID: 240237 ·

Jack Gulley Send message Joined: 4 Mar 03 Posts: 423 Credit: 526,566 RAC: 0	Message 240241 - Posted: 31 Jan 2006, 11:15:19 UTC
	If the Berkeley staff are not already all over this one, they should be, before the press is. Computer ID's in that account might allow them to find the IP addresses being used, and maybe track back to some of the system owners. And at least tell us how many different systems are being used and are "infected" this way. It would take at least 100 and maybe 300 systems or more to generate that kind of average credit. The team was setup January 1, 2006 but he had over 5 million credits then. Based on his credit history he has been at this for four months or longer, holds second place in BOINC/Seti rank, and has not been detected?
	ID: 240241 ·

1 · 2 · 3 · 4 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?