Do we have a Boinc virus?

Very interesting ... quite an exploit ... :(

I wonder if this would be a good canditate for: Total Credit => 0 ...

I agree with you Paul.
Furthermore i would consider deleting the accout as an option.

I definitely agree. I imagine with the account deleted the exploited computers will run out of WU's and continue trying to contact SETI.

Very interesting ... quite an exploit ... :(

I wonder if this would be a good canditate for: Total Credit => 0 ...

I agree with you Paul.
Furthermore i would consider deleting the accout as an option.

I definitely agree. I imagine with the account deleted the exploited computers will run out of WU's and continue trying to contact SETI.

I smell foul play. Someone has made BOINC the payload of a trojan.

And the account belongs to a company ---> www.esc-consult.de.

I'm curious if this was done by an employee and the comany gets bad credit for that one now.

Would be interesting if someone could/would contact them the hear what they have to say about this.

Hmm, very interesting and very dangerous for the project and for the community!!! Can someone of the people here having direct wire to Rom or others at Berkeley assure that they are aware of it, and taking the necessary steps to avoid banning BOINC by antimalware, antivirus and firewall software and before it makes news in some IT magazines?

I know the user ID quite well - I noticed him when he, as the leader of SETI Germany with increible RAC of ~70k (now it is even more) left the team and created his own one just few weeks ago. I found it very strange, but since there were others leaving the team shortly after (including some well known forum members), I thought there were some internal conflicts behind it (we just seem to have one at CNT too).

I find it very important that some officials make the necessary steps to avoid more damage. I hate to tell it, but this is a criminal activity, and the author of the act desires to be investigated by the police. I hope for him that he is innocent and it was just some stupid friend of the victim who installed it manually (though it definitely does not look like).
____________
trux
BOINC software
Freediving Team
Czech Republic

Hmm, very interesting and very dangerous for the project and for the community!!! Can someone of the people here having direct wire to Rom or others at Berkeley assure that they are aware of it, and taking the necessary steps to avoid banning BOINC by antimalware, antivirus and firewall software and before it makes news in some IT magazines?

I know the user ID quite well - I noticed him when he, as the leader of SETI Germany with increible RAC of ~70k (now it is even more) left the team and created his own one just few weeks ago. I found it very strange, but since there were others leaving the team shortly after (including some well known forum members), I thought there were some internal conflicts behind it (we just seem to have one at CNT too).

I find it very important that some officials make the necessary steps to avoid more damage. I hate to tell it, but this is a criminal activity, and the author of the act desires to be investigated by the police. I hope for him that he is innocent and it was just some stupid friend of the victim who installed it manually (though it definitely does not look like).

As often happens, the discussiuon/fear/reaction of/to 'security issues' generally wastes more time/creates more upheaval than the threat ever created or posed.

As often happens, the discussiuon/fear/reaction of/to 'security issues' generally wastes more time/creates more upheaval than the threat ever created or posed.

that applies to almost all "security" situations.
Read Bruce Schneier's blog, he's a security expert who knows what he's talking about, and knows what real security is, he thinks and talks about security in a very rational way, discussing real-world security issues, most security responces are completely pointless, or unnecessary, some of the things he suggests aren't what you'd expect at all, but what what he suggests is true

As often happens, the discussiuon/fear/reaction of/to 'security issues' generally wastes more time/creates more upheaval than the threat ever created or posed.

that applies to almost all "security" situations.
Read Bruce Schneier's blog, he's a security expert who knows what he's talking about, and knows what real security is, he thinks and talks about security in a very rational way, discussing real-world security issues, most security responces are completely pointless, or unnecessary, some of the things he suggests aren't what you'd expect at all, but what what he suggests is true

Exactly, therefore no one at Berkeley or anywhere else needs to take any special action, beyond the standard AV and safe computing practices.

precisely, this isn't a boinc problem
it's the same as with guns, guns don't kill people, people kill people

boint doesn't just install itself without permission on it's own, someone instructs it to do so, the problem is the person, not the tool

it's the same as with guns, guns don't kill people, people kill people

Right. My point is that putting the words 'BOINC' and 'Virus' in the same sentence is potentially more dangerous than a destructive BOINC Variant ever could be.
As soon as the two words appear together all reason goes from the minds of millions of users and compuer professionals alike and a witch-hunt begins.

err, double post. removed
____________
trux
BOINC software
Freediving Team
Czech Republic

Right. My point is that putting the words 'BOINC' and 'Virus' in the same sentence is potentially more dangerous than a destructive BOINC Variant ever could be.
As soon as the two words appear together all reason goes from the minds of millions of users and compuer professionals alike and a witch-hunt begins.

Exactly! And as soon as people not having any relation to BOINC start reporting it to media or to antivirus/antimalware companies, you can be sure the impact will be big. Therefore, better make the damage control now!

it's the same as with guns, guns don't kill people, people kill people

Explain to the Gestapo it was not you who killed H. Heidrich even if it is apparent your gun was used.

In fact, with TPM, your bank wouldn’t even need to ask for your username and password -- it would know you simply by the identification on your machine.

Since when is "your computer" the same as "you"?

different issue, my point was that the gun acting alone (if that's possible for an inanimate object) doesn't kill someone, it needs to be fired by a person

different issue, my point was that the gun acting alone (if that's possible for an inanimate object) doesn't kill someone, it needs to be fired by a person

You do not get the point. People will not study what is BOINC as soon as it is associated with malware and viruses in some IT magazine article, or when antimalware/antivirus/firewall software starts reporting BOINC as potential intruder. It is pointless to discuss whether it is the owner or the gun who killed, once the owner got bad reputation, the good conscience does not help him a lot to repair the damage. It may safe him from the punisment (and even that does not happen always), but it will ruin his life nevertheless.

if i had to make a suggestion, i'd say inform all the right places about what boinc is, before they make their own assumptions, that would be a good path towards damage control