Do we have a Boinc virus?

Message boards : Number crunching : Do we have a Boinc virus?

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 . . . 27 · Next

Author	Message
trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 240414 - Posted: 31 Jan 2006, 20:23:47 UTC Last modified: 31 Jan 2006, 20:31:51 UTC
	I do not think it is the same case. This one seems to use different credentials and the classic client. I'd be interested though if it was investigated and the perpetrator persecuted. I mean this is a clearly criminal activity and should be followed up as such, regardless if the author did it in sake of "helping" the science, or just to improve his ranking (and his ego). And since it is not too dificult to track down the account owner, and verifying if it was him who launched the virus, I wonder if the responsible authorities were informed. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 240414 ·

Fred G Send message Joined: 17 May 99 Posts: 185 Credit: 22,608,796 RAC: 8,066	Message 240415 - Posted: 31 Jan 2006, 20:30:05 UTC
	I'm thinking that the worm was modified for the user. He changed all the locations, file names and user info. It may not be the one but probably the model for the one we are looking at. ____________ http://www.teamstarfire.org/
	ID: 240415 ·

Tigher Volunteer tester Send message Joined: 18 Mar 04 Posts: 1547 Credit: 760,577 RAC: 0	Message 240422 - Posted: 31 Jan 2006, 20:35:11 UTC
	Perhaps its a corporate PC and the local sysadmins install all PCs that way. They may have a ISO CD for installs with it all set up or they connect remotely and just install it and the users does not know. All can be done. They change the files names & locations so its looks less obvious? ____________
	ID: 240422 ·

Hans Dorn Volunteer developer Volunteer tester Send message Joined: 3 Apr 99 Posts: 2245 Credit: 14,171,813 RAC: 25,523	Message 240425 - Posted: 31 Jan 2006, 20:47:35 UTC Last modified: 31 Jan 2006, 20:51:22 UTC
	I don't believe that anyone would be stupid enough to link his own business to a bogus seti account. Maybe Carsten could clear things up by posting here. Regards Hans P.S: Since he does training courses on his computers, a lot of people could have gotten access to his credentials ____________
	ID: 240425 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 240427 - Posted: 31 Jan 2006, 20:53:22 UTC - in response to Message 240425. Last modified: 31 Jan 2006, 20:55:05 UTC
	Maybe Carsten could clear things up by posting here. Yes, that's what I asked him to do when he replied my email. He wrote he did not know how to write viruses. I wrote I'd be very interested in his opinion and explanation, since I assume he had to see the RAC increase. I am just afraid he won't answer anymore. I am temped to call him, but again, I am no official BOINC representant, and it is not my business to make any such investigation. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 240427 ·

Astro Volunteer tester Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0	Message 240429 - Posted: 31 Jan 2006, 20:57:23 UTC
	sounds fishy to me. My opinion is just that...an opinion, and is only based on hearsay evidence posted here. it's subject to change...of course.
	ID: 240429 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 240430 - Posted: 31 Jan 2006, 20:59:14 UTC - in response to Message 240425.
	Since he does training courses on his computers, a lot of people could have gotten access to his credentials Still, I believe he would certainly notice that he has far too many hosts in his account. And the single case that came out, was almost certainly not the only one. I do not think he did not know what is going on. But I agree I would love to hear from him some reasonable explanation anyway. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 240430 ·

Ace41690 Send message Joined: 16 Oct 04 Posts: 141 Credit: 655,604 RAC: 202	Message 240435 - Posted: 31 Jan 2006, 21:16:17 UTC - in response to Message 240169.
	Something interesting came up on Team Starfire. A Non Seti member had a problem with "setiathome_4.18_windows_intelx86.exe" running in the background and couldn't get rid of it. After doing a lot of searching we found that it was hidden in his system32 folder and the exe was renamed to "wupdmgr1.exe" Someone went to a lot of trouble to hide everything. We found out the user that is getting the credits and his stats are very interesting. http://setiathome.berkeley.edu/team_display.php?teamid=122736 A one user team and ranked 10th in the world. What do you think? edit: had the wrong url posted. >Fred Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. ____________
	ID: 240435 ·

Astro Volunteer tester Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0	Message 240438 - Posted: 31 Jan 2006, 21:19:29 UTC - in response to Message 240435.
	Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. This sounds like the normal operation of Boinc installed as a service.
	ID: 240438 ·

Ace41690 Send message Joined: 16 Oct 04 Posts: 141 Credit: 655,604 RAC: 202	Message 240439 - Posted: 31 Jan 2006, 21:21:35 UTC - in response to Message 240438.
	Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. This sounds like the normal operation of Boinc installed as a service. But why would it sometimes end and sometimes not? The process usually goes away when i exit Boinc, but on occasion i notice its still running. ____________
	ID: 240439 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 240440 - Posted: 31 Jan 2006, 21:23:54 UTC - in response to Message 240435.
	Umm i dont know if this has anything to do with a virus. Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a Brittish (?) guy got BOINC account of a German guy installed on his PC. In the meantime I received another reply from Giese, briefly telling he has no idea how it happened. He did not explain why he did not react when seeing unknown hosts in his account manager, or the increase in RAC. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 240440 ·

Astro Volunteer tester Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0	Message 240441 - Posted: 31 Jan 2006, 21:26:56 UTC - in response to Message 240439.
	But why would it sometimes end and sometimes not? The process usually goes away when i exit Boinc, but on occasion i notice its still running. I've seen PPAH stay running after boinc shut down, but not any other program. This was 9-12 months ago or so, and I haven't seen it since. I don't know.
	ID: 240441 ·

MikeSW17 Volunteer tester Send message Joined: 3 Apr 99 Posts: 1603 Credit: 2,700,523 RAC: 0	Message 240444 - Posted: 31 Jan 2006, 21:35:38 UTC - in response to Message 240304.
	if i had to make a suggestion, i'd say inform all the right places about what boinc is, before they make their own assumptions, that would be a good path towards damage control Sure, but what or who are the 'right places' to inform, how to contact them? When the 'right places' start getting hundreds of reports of a program called BOINC mysteriously using 100% of their CPU, how do you think the right places will notice one little e-mail saying 'Hi guys, BOINC is alright, I promise, I wrote it'. The problem is that rumor and conspiracy theory is bigger than and travels faster than, the truth. This thread is already no doubt being indexed by Google. Don't expect someone using the search words 'BOINC virus' to bother with the tiny detail of reading the text, a match will be enough to prove the case. If certain critical mass is reached, there will be 1000s of know-nothings reporting bad news, for every 1 who does know trying to tell the truth. The larger number wins. ____________
	ID: 240444 ·

John McLeod VII Volunteer developer Volunteer tester Send message Joined: 15 Jul 99 Posts: 22343 Credit: 439,209 RAC: 396	Message 240453 - Posted: 31 Jan 2006, 21:54:24 UTC
	Matt is one of the right people, and I assume that he knows about the problem because he has replied to the thread. Leav it to him. ____________ BOINC WIKI
	ID: 240453 ·

SURVEYOR Volunteer tester Send message Joined: 19 Oct 02 Posts: 375 Credit: 475,603 RAC: 261	Message 240467 - Posted: 31 Jan 2006, 22:48:48 UTC
	HIDDEN COMPUTERS Do I need to say more? ____________ Fred BOINC Alpha, BOINC Beta, LHC Alpha, Einstein Alpha
	ID: 240467 ·

Crunch3r Volunteer tester Send message Joined: 15 Apr 99 Posts: 1540 Credit: 3,302,157 RAC: 0	Message 240480 - Posted: 31 Jan 2006, 23:32:05 UTC - in response to Message 240440.
	Umm i dont know if this has anything to do with a virus. Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a Brittish (?) guy got BOINC account of a German guy installed on his PC. In the meantime I received another reply from Giese, briefly telling he has no idea how it happened. He did not explain why he did not react when seeing unknown hosts in his account manager, or the increase in RAC. Hi Trux (Ivo), :D i totally agree with your point and since your're allready in contact with "Carsten Giese" you could ask him to change his password. ( This would emliminate the abouse if his email accout and his password, but still left the attaching via account key open, but anyhow one chance to get the thing resolved and only one choice left that the "abused" account info is not using the password and email to attach to the project). P.S. you've got my email adress :D ____________ Join BOINC United now! Auto eVB \| Autoversicherung
	ID: 240480 ·

Darth Dogbytes™ Volunteer tester Send message Joined: 30 Jul 03 Posts: 7512 Credit: 2,021,148 RAC: 0	Message 240487 - Posted: 31 Jan 2006, 23:58:45 UTC Last modified: 1 Feb 2006, 0:08:11 UTC
	I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. From what I understand, Matt is leading the investigation. ____________ Account frozen...
	ID: 240487 ·

John McLeod VII Volunteer developer Volunteer tester Send message Joined: 15 Jul 99 Posts: 22343 Credit: 439,209 RAC: 396	Message 240493 - Posted: 1 Feb 2006, 0:05:14 UTC - in response to Message 240487.
	I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. Like I said, Matt is one of the devs, and once I say his post, I knew that they were aware of the problem. It is good that they are actively looking into it. ____________ BOINC WIKI
	ID: 240493 ·

Fuzzy Hollynoodles Volunteer tester Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0	Message 240497 - Posted: 1 Feb 2006, 0:11:59 UTC - in response to Message 240493.
	I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. Like I said, Matt is one of the devs, and once I say his post, I knew that they were aware of the problem. It is good that they are actively looking into it. As I posted 7 hours ago, I mailed both Matt Lebofski and Rom Walton with a link to this thread. So I don't think it's necessary to do anything further, as they are aware of it. ____________ "I'm trying to maintain a shred of dignity in this world." - Me
	ID: 240497 ·

Atomic Kitten Death March Send message Joined: 8 Oct 04 Posts: 153 Credit: 415,035 RAC: 0	Message 240498 - Posted: 1 Feb 2006, 0:14:59 UTC
	so lets all just wait and see what happens. Something will turn up. ____________ Join the team, SETI.USA We are growing and could use your help to overcome SETI.Germany...www.setiusa.net
	ID: 240498 ·

Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?