Do we have a Boinc virus?


Message boards : Number crunching : Do we have a Boinc virus?

trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 240414 - Posted: 31 Jan 2006, 20:23:47 UTC
Last modified: 31 Jan 2006, 20:31:51 UTC

I do not think it is the same case. This one seems to use different credentials and the classic client. I'd be interested though if it was investigated and the perpetrator persecuted. I mean this is a clearly criminal activity and should be followed up as such, regardless if the author did it for the sake of "helping" the science, or just to improve his ranking (and his ego). And since it is not too difficult to track down the account owner, and verify if it was him who launched the virus, I wonder if the responsible authorities were informed.
____________
trux
BOINC software
Freediving Team
Czech Republic

Fred G
Joined: 17 May 99
Posts: 185
Credit: 24,109,481
RAC: 0
United States
Message 240415 - Posted: 31 Jan 2006, 20:30:05 UTC

I'm thinking that the worm was modified for the user. He changed all the locations, file names and user info. It may not be the one but probably the model for the one we are looking at.
____________

http://www.teamstarfire.org/

Tigher
Volunteer tester
Joined: 18 Mar 04
Posts: 1547
Credit: 760,577
RAC: 0
United Kingdom
Message 240422 - Posted: 31 Jan 2006, 20:35:11 UTC

Perhaps it's a corporate PC and the local sysadmins install all PCs that way. They may have an ISO CD for installs with it all set up or they connect remotely and just install it and the user does not know. All can be done. They change the file names & locations so it looks less obvious?
____________

Hans Dorn
Volunteer developer
Volunteer tester
Joined: 3 Apr 99
Posts: 2245
Credit: 18,786,162
RAC: 2,045
Germany
Message 240425 - Posted: 31 Jan 2006, 20:47:35 UTC
Last modified: 31 Jan 2006, 20:51:22 UTC

I don't believe that anyone would be stupid enough to link his own business to a bogus seti account.

Maybe Carsten could clear things up by posting here.


Regards Hans

P.S: Since he does training courses on his computers, a lot of people could have gotten access to his credentials
____________

trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 240427 - Posted: 31 Jan 2006, 20:53:22 UTC - in response to Message 240425.
Last modified: 31 Jan 2006, 20:55:05 UTC

Maybe Carsten could clear things up by posting here.
Yes, that's what I asked him to do when he replied to my email. He wrote he did not know how to write viruses. I wrote I'd be very interested in his opinion and explanation, since I assume he had to see the RAC increase. I am just afraid he won't answer anymore. I am tempted to call him, but again, I am no official BOINC representative, and it is not my business to make any such investigation.

____________
trux
BOINC software
Freediving Team
Czech Republic

Astro
Volunteer tester
Joined: 16 Apr 02
Posts: 8026
Credit: 600,015
RAC: 0
Message 240429 - Posted: 31 Jan 2006, 20:57:23 UTC

Sounds fishy to me. My opinion is just that...an opinion, and is only based on hearsay evidence posted here. It's subject to change...of course.

trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 240430 - Posted: 31 Jan 2006, 20:59:14 UTC - in response to Message 240425.

Since he does training courses on his computers, a lot of people could have gotten access to his credentials
Still, I believe he would certainly notice that he has far too many hosts in his account. And the single case that came out, was almost certainly not the only one. I do not think he did not know what is going on. But I agree I would love to hear from him some reasonable explanation anyway.

____________
trux
BOINC software
Freediving Team
Czech Republic

Ace41690
Joined: 16 Oct 04
Posts: 141
Credit: 665,626
RAC: 0
United States
Message 240435 - Posted: 31 Jan 2006, 21:16:17 UTC - in response to Message 240169.

Something interesting came up on Team Starfire. A Non Seti member had a problem with "setiathome_4.18_windows_intelx86.exe" running in the background and couldn't get rid of it. After doing a lot of searching we found that it was hidden in his system32 folder and the exe was renamed to "wupdmgr1.exe" Someone went to a lot of trouble to hide everything. We found out the user that is getting the credits and his stats are very interesting. http://setiathome.berkeley.edu/team_display.php?teamid=122736 A one user team and ranked 10th in the world. What do you think?

edit: had the wrong url posted.

>Fred


Umm I don't know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When I exit Boinc and I mean exit NOT minimize, the process is still running. This doesn't happen very often but it does sometimes. But the same thing also happens when I'm running CPDN, after I exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so I never said anything. Both the CPDN and Seti processes will terminate if I click "end process" however.
____________
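The report quoted in the post above describes the SETI@home executable renamed to "wupdmgr1.exe" and placed in system32. As an added example (not from any poster or from the BOINC project), this sketch flags executable names that sit within one edit of a known system binary name without matching it; the baseline set and the directory listing are constructed sample data.

```python
import os

# Constructed baseline of genuine Windows system binary names (assumption:
# a real baseline would come from a known-clean install of the same OS).
KNOWN_SYSTEM_BINARIES = {
    "wupdmgr.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "spoolsv.exe",
}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(filenames, baseline=KNOWN_SYSTEM_BINARIES, max_distance=1):
    """Return (filename, imitated_name) pairs for .exe names that are close
    to a baseline name but are not themselves in the baseline."""
    hits = []
    for name in filenames:
        lower = name.lower()
        if lower in baseline or not lower.endswith(".exe"):
            continue
        stem = os.path.splitext(lower)[0]
        for known in sorted(baseline):
            known_stem = os.path.splitext(known)[0]
            if edit_distance(stem, known_stem) <= max_distance:
                hits.append((name, known))
                break
    return hits

# Constructed system32 listing for illustration; only the renamed file
# from the report should be flagged.
SAMPLE_LISTING = ["svchost.exe", "wupdmgr.exe", "wupdmgr1.exe",
                  "notepad.exe", "calc.exe", "readme.txt"]

if __name__ == "__main__":
    for found, imitated in find_lookalikes(SAMPLE_LISTING):
        print(f"{found} looks like {imitated} but is not in the baseline")
```

A name match is only a lead: the flagged file still needs its hash, signature and origin checked before it is called malicious.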

Astro
Volunteer tester
Joined: 16 Apr 02
Posts: 8026
Credit: 600,015
RAC: 0
Message 240438 - Posted: 31 Jan 2006, 21:19:29 UTC - in response to Message 240435.

Umm I don't know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When I exit Boinc and I mean exit NOT minimize, the process is still running. This doesn't happen very often but it does sometimes. But the same thing also happens when I'm running CPDN, after I exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so I never said anything. Both the CPDN and Seti processes will terminate if I click "end process" however.

This sounds like the normal operation of Boinc installed as a service.

Ace41690
Joined: 16 Oct 04
Posts: 141
Credit: 665,626
RAC: 0
United States
Message 240439 - Posted: 31 Jan 2006, 21:21:35 UTC - in response to Message 240438.

Umm I don't know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When I exit Boinc and I mean exit NOT minimize, the process is still running. This doesn't happen very often but it does sometimes. But the same thing also happens when I'm running CPDN, after I exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so I never said anything. Both the CPDN and Seti processes will terminate if I click "end process" however.

This sounds like the normal operation of Boinc installed as a service.


But why would it sometimes end and sometimes not? The process usually goes away when I exit Boinc, but on occasion I notice it's still running.
____________

trux
Volunteer tester
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 240440 - Posted: 31 Jan 2006, 21:23:54 UTC - in response to Message 240435.

Umm I don't know if this has anything to do with a virus.
Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a British (?) guy got the BOINC account of a German guy installed on his PC.

In the meantime I received another reply from Giese, briefly telling he has no idea how it happened. He did not explain why he did not react when seeing unknown hosts in his account manager, or the increase in RAC.

____________
trux
BOINC software
Freediving Team
Czech Republic

Astro
Volunteer tester
Joined: 16 Apr 02
Posts: 8026
Credit: 600,015
RAC: 0
Message 240441 - Posted: 31 Jan 2006, 21:26:56 UTC - in response to Message 240439.


But why would it sometimes end and sometimes not? The process usually goes away when I exit Boinc, but on occasion I notice it's still running.

I've seen PPAH stay running after boinc shut down, but not any other program. This was 9-12 months ago or so, and I haven't seen it since. I don't know.

MikeSW17
Volunteer tester
Joined: 3 Apr 99
Posts: 1603
Credit: 2,700,523
RAC: 0
United Kingdom
Message 240444 - Posted: 31 Jan 2006, 21:35:38 UTC - in response to Message 240304.


If I had to make a suggestion, I'd say inform all the right places about what boinc is, before they make their own assumptions, that would be a good path towards damage control


Sure, but what or who are the 'right places' to inform, how to contact them?

When the 'right places' start getting hundreds of reports of a program called BOINC mysteriously using 100% of their CPU, how do you think the right places will notice one little e-mail saying 'Hi guys, BOINC is alright, I promise, I wrote it'.

The problem is that rumor and conspiracy theory is bigger than and travels faster than, the truth.

This thread is already no doubt being indexed by Google. Don't expect someone using the search words 'BOINC virus' to bother with the tiny detail of reading the text, a match will be enough to prove the case.

If a certain critical mass is reached, there will be 1000s of know-nothings reporting bad news, for every 1 who does know trying to tell the truth. The larger number wins.


____________

John McLeod VII
Volunteer developer
Volunteer tester
Joined: 15 Jul 99
Posts: 24329
Credit: 519,653
RAC: 31
United States
Message 240453 - Posted: 31 Jan 2006, 21:54:24 UTC

Matt is one of the right people, and I assume that he knows about the problem because he has replied to the thread. Leave it to him.
____________


BOINC WIKI

SURVEYOR
Volunteer tester
Joined: 19 Oct 02
Posts: 375
Credit: 608,422
RAC: 0
United States
Message 240467 - Posted: 31 Jan 2006, 22:48:48 UTC

HIDDEN COMPUTERS
Do I need to say more?
____________
Fred
BOINC Alpha, BOINC Beta, LHC Alpha, Einstein Alpha

Crunch3r
Project donor
Volunteer tester
Joined: 15 Apr 99
Posts: 1540
Credit: 3,314,460
RAC: 0
Germany
Message 240480 - Posted: 31 Jan 2006, 23:32:05 UTC - in response to Message 240440.

Umm I don't know if this has anything to do with a virus.
Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a British (?) guy got the BOINC account of a German guy installed on his PC.

In the meantime I received another reply from Giese, briefly telling he has no idea how it happened. He did not explain why he did not react when seeing unknown hosts in his account manager, or the increase in RAC.


Hi Trux (Ivo), :D

I totally agree with your point and since you're already in contact with "Carsten Giese" you could ask him to change his password. (This would eliminate the abuse of his email account and his password, but still leave the attaching via account key open, but anyhow one chance to get the thing resolved and only one choice left that the "abused" account info is not using the password and email to attach to the project).

P.S. you've got my email address :D






____________

Join BOINC United now!
Auto eVB | Autoversicherung

Darth Dogbytes™
Volunteer tester
Joined: 30 Jul 03
Posts: 7512
Credit: 2,021,148
RAC: 0
United States
Message 240487 - Posted: 31 Jan 2006, 23:58:45 UTC
Last modified: 1 Feb 2006, 0:08:11 UTC

I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. From what I understand, Matt is leading the investigation.

____________
Account frozen...

John McLeod VII
Volunteer developer
Volunteer tester
Joined: 15 Jul 99
Posts: 24329
Credit: 519,653
RAC: 31
United States
Message 240493 - Posted: 1 Feb 2006, 0:05:14 UTC - in response to Message 240487.

I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention.

Like I said, Matt is one of the devs, and once I saw his post, I knew that they were aware of the problem. It is good that they are actively looking into it.
____________


BOINC WIKI

Fuzzy Hollynoodles
Volunteer tester
Joined: 3 Apr 99
Posts: 9659
Credit: 251,998
RAC: 0
Message 240497 - Posted: 1 Feb 2006, 0:11:59 UTC - in response to Message 240493.

I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention.

Like I said, Matt is one of the devs, and once I saw his post, I knew that they were aware of the problem. It is good that they are actively looking into it.


As I posted 7 hours ago, I mailed both Matt Lebofsky and Rom Walton with a link to this thread.

So I don't think it's necessary to do anything further, as they are aware of it.


____________
"I'm trying to maintain a shred of dignity in this world." - Me

Atomic Kitten Death March
Joined: 8 Oct 04
Posts: 153
Credit: 415,035
RAC: 0
United States
Message 240498 - Posted: 1 Feb 2006, 0:14:59 UTC

So let's all just wait and see what happens. Something will turn up.
____________
Join the team, SETI.USA We are growing and could use your help to overcome SETI.Germany...www.setiusa.net


Copyright © 2014 University of California