Do we have a Boinc virus?
Author | Message |
---|---|
Matt Lebofsky Joined: 1 Mar 99 Posts: 1444 Credit: 957,058 RAC: 0 | For the record, it *does* look like there is the distinct possibility that a worm/virus is spreading around running BOINC under this guy's name (there are many hosts with his userid, all running windows, and with IP addresses all over the world). That's all the evidence we have, and there's really not much we can do. As for PR, we're not going to make an announcement because, as I stated earlier, this would confuse more than calm. We don't have time to do any virus hunting. We'll let the security powers that be deal with this, and if/when any official report shows up on F-Secure or otherwise it will already have been dealt with. Any information we have at that point may be used to adjust credit accordingly. Key word: "may". - Matt -- BOINC/SETI@home network/web/science/development person -- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude |
Fred G Joined: 17 May 99 Posts: 185 Credit: 24,109,481 RAC: 0 | For the record, it *does* look like there is the distinct possibility that a worm/virus is spreading around running BOINC under this guy's name Thanks for the update Matt. I knew it had to be some type of a worm, virus or botnet. Things never added up no matter how many different explanations were theorized. You can hide the program but in the end a specific user has to get the credit! Thanks again! >Fred http://www.teamstarfire.org/ |
Geek@Play Joined: 31 Jul 01 Posts: 2467 Credit: 86,146,931 RAC: 0 | I thought that I read yesterday that the guy who reported this originally from England said that it looked like a normal Microsoft Windows update when this happened. Maybe Microsoft would be interested? [edit]You have to put forth some effort if you want to be at the top![/edit] Boinc....Boinc....Boinc....Boinc.... |
Fred G Joined: 17 May 99 Posts: 185 Credit: 24,109,481 RAC: 0 | I thought that I read yesterday that the guy who reported this originally from England said that it looked like a normal Microsoft Windows update when this happened. Maybe Microsoft would be interested? He is from Canada. Someone here theorized that it may have been a bogus MS update email because of the exe file name that was used, "wupdmgr1.exe". The user never verified whether he updated from an email or website. I'll try to clarify this with him. >Fred http://www.teamstarfire.org/ |
Slavik Joined: 23 May 99 Posts: 1 Credit: 386,832 RAC: 0 | For the record, it *does* look like there is the distinct possibility that a worm/virus is spreading around running BOINC under this guy's name (there are many hosts with his userid, all running windows, and with IP addresses all over the world). That's all the evidence we have, and there's really not much we can do. For what it's worth, are these units at least legit? Virus or no virus, if these units are legit, the results probably should not be discarded. |
Matt Lebofsky Joined: 1 Mar 99 Posts: 1444 Credit: 957,058 RAC: 0 | By the way, it should be noted that if any of y'all do manage to get a copy of the infected wupdmgr1.exe, please send a copy to me or tell me how to get it. Don't worry, I don't work on any windows machines (just solaris, linux, and macs of course). And yes.. if the results that are returned by these infected computers are validated, we keep the signals. - Matt -- BOINC/SETI@home network/web/science/development person -- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude |
Project III Joined: 7 Oct 04 Posts: 106 Credit: 442,001 RAC: 1 | Matt- My concern lies not in the safety of other people's computers. Those who know how to defend themselves against virii will be fine, and those who don't... well... just like you said in your blog... Anyway, my concern lies in the implications this will have on the competition of SETI@home. I'm worried that the message is being sent out that making virii to boost your seti stats is acceptable, and that as a result people will openly continue to write more and more of them. I started my team, SETI.USA, because I saw an opportunity to become the top team in the world, legitimately, and thought that it would be fun to try. However, all the fun is gone when people start resorting to means outside of the rules. I realize it's still unknown whether Carsten is responsible, and I don't have any suggestions for resolving this. I just feel that this is a concern most of us have, and a concern that wasn't being recognized. Most of us have a lot of fun competing in SETI@home, but this takes most of the fun out of it. SETI.USA |
Fred G Joined: 17 May 99 Posts: 185 Credit: 24,109,481 RAC: 0 | By the way, it should be noted that if any of y'all do manage to get a copy of the infected wupdmgr1.exe, please send a copy to me or tell me how to get it. I'll get a copy from him. As soon as I get it I'll let you know. >Fred http://www.teamstarfire.org/ |
Geek@Play Joined: 31 Jul 01 Posts: 2467 Credit: 86,146,931 RAC: 0 | Matt- I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not! Boinc....Boinc....Boinc....Boinc.... |
Matt Lebofsky Joined: 1 Mar 99 Posts: 1444 Credit: 957,058 RAC: 0 | I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not! I agree as well. Whatever happens I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly. - Matt -- BOINC/SETI@home network/web/science/development person -- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude |
Project III Joined: 7 Oct 04 Posts: 106 Credit: 442,001 RAC: 1 | I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly. I was going to ask if you could do that, but I thought it might be too difficult. Thanks for your work, Matt. SETI.USA |
Geek@Play Joined: 31 Jul 01 Posts: 2467 Credit: 86,146,931 RAC: 0 | I agree as well. Whatever happens I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly. Thanks Matt...it's nice to have you around to keep us in line! Boinc....Boinc....Boinc....Boinc.... |
trux Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 | As was already told by others, the damage of this incident caused to BOINC and to its projects may be huge, and what is even worse, we can be almost certain that this case will not stay isolated. When people see it is possible, there may soon be crowds of others trying to do the same. Some followers may use more primitive methods, like simple Trojans, or installation scripts, others may invent even more sophisticated viruses. If security antivirus/antimalware/firewall companies start banning BOINC, it may be too late to begin with the damage control. When I spoke about the damage control since the beginning, I did not necessarily mean PR or medialization of the case. The damage control means reporting it to the responsible authorities - i.e. CPAN, or other security organizations, maybe even law enforcement, but what is especially necessary is building in a security mechanism that avoids unattended and stealth installations. Of course, it must not be only client based, since the crook can compile a modified client - it must include server - client security handshake with forced user input - the most common and simplest is generating of slightly obfuscated code that cannot be OCR-ed and must be entered by a human. Such a simple security mechanism will at least plug this hole, but more protection may be needed. As long as it is not included, security companies cannot be blamed if they start blocking BOINC. trux BOINC software Freediving Team Czech Republic |
kevint Joined: 17 May 99 Posts: 414 Credit: 11,680,240 RAC: 0 | I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not! Thanks for the update - I believe that if he is found guilty that his TOTAL credits be removed - including all credits he crunched while with any team he may have been with. Just a personal feeling is all. |
Steve @ SETI.USA Joined: 5 Sep 04 Posts: 189 Credit: 1,016,797 RAC: 0 | I feel that, if he is found guilty, he should have all credit removed. Keep the signals, but remove all credit. I don't think anyone should waste time trying to be 'fair' with someone who would do this. If guilty, he should be made an example to others who would try the same thing. Zero Tolerance! Just my 2 pennies... http://www.setiusa.net |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 | As was already told by others, the damage of this incident caused to BOINC and to its projects may be huge, and what is even worse, we can be almost certain that this case will not stay isolated. Or maybe it can be. I have read the whole Starfire thread and have seen the pictures the person provided. There is NO BOINC. Whoever cleverly made this, has gotten setiathome_4.18.exe to run almost stand alone, probably with the wupdmgr1.exe only doing the up&downloads. It won't hurt other projects as much, as no other project has the science application in Open Source. The threat of this thing may also be over soon if we can release Seti-Enhanced quickly enough. If SE takes over from 4.18, then all those "worms" will starve to death... until the person who made it updates it to SE, of course. At least it's a wake up call for the BOINC/Seti developers. |
trux Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 | ...There is NO BOINC. Whoever cleverly made this, has gotten setiathome_4.18.exe to run almost stand alone, probably with the wupdmgr1.exe only doing the up&downloads. I hate to disappoint you, but you can rename boinc.exe to whatever you want. All it takes are as many keystrokes as the new name has. No rocket science, no Open Source programming. It won't hurt other projects as much, as no other project has the science application in Open Source. It has nothing to do with the openness of the project. You can simply take an available virus kit (there are plenty of them around) and change the payload or the download to whatever you want. It makes no difference if it is Open Source S@H or closed source Einstein@Home or whatever else. trux BOINC software Freediving Team Czech Republic |
Jord Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 | I hate to disappoint you, but you can rename boinc.exe to whatever you want. All it takes are as many keystrokes as the new name has. No rocket science, no Open Source programming. Okay, I take your word for that. That is, if wupdmgr1.exe is running from the system32 directory. The OP was never clear on that. Can Boinc.exe run (under whatever assumed name) from for instance Program Files, while the rest is under system32? |
trux Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 | Okay, I take your word for that. That is, if wupdmgr1.exe is running from the system32 directory. The OP was never clear on that. Can Boinc.exe run (under whatever assumed name) from for instance Program Files, while the rest is under system32? You can run any executable in any location you wish. Boinc core searches the needed files in the subdirectory structure based on its location (just like many other programs). In this case the renamed boinc.exe and all BOINC subdirs were within system32. trux BOINC software Freediving Team Czech Republic |
kevint Joined: 17 May 99 Posts: 414 Credit: 11,680,240 RAC: 0 | Okay, I take your word for that. That is, if wupdmgr1.exe is running from the system32 directory. The OP was never clear on that. Can Boinc.exe run (under whatever assumed name) from for instance Program Files, while the rest is under system32? You can run any executable in any location you wish. Boinc core searches the needed files in the subdirectory structure based on its location (just like many other programs). In this case the renamed boinc.exe and all BOINC subdirs were within system32. For some reason I think this topic needs to be limited. No idea who is reading this - could be some people out there that could take this information and make a lot of trouble for all of us. It is just that some information should not be displayed in a public forum. Careful here. |
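
Added example, not part of any post in this thread and not BOINC project code: since the client can be renamed but keeps its working files beside it, an administrator can look for the BOINC directory layout itself rather than for the executable name, and read which account the work is credited to. The function names and the `approved` list are hypothetical, the `<master_url>` and `<user_name>` elements are assumed to sit inside each `<project>` block of `client_state.xml`, and the sample tree is constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

MARKER_FILE = "client_state.xml"      # BOINC client state file
MARKER_DIRS = {"projects", "slots"}   # BOINC working subdirectories

def credited_accounts(state_path):
    """(master_url, user_name) per <project> block (assumed layout); [] if unreadable."""
    try:
        root = ET.parse(state_path).getroot()
    except (ET.ParseError, OSError):
        return []
    return [(p.findtext("master_url", "").strip(),
             p.findtext("user_name", "").strip())
            for p in root.iter("project")]

def find_boinc_layouts(root, approved=()):
    """Report BOINC working directories under root that are not on the approved list."""
    approved = {os.path.normcase(os.path.abspath(a)) for a in approved}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        names = {f.lower(): f for f in filenames}
        here = os.path.abspath(dirpath)
        if (MARKER_FILE not in names or os.path.normcase(here) in approved
                or not MARKER_DIRS <= {d.lower() for d in dirnames}):
            continue
        findings.append({
            "dir": dirpath,
            "in_system32": "system32" in here.replace("\\", "/").lower().split("/"),
            "accounts": credited_accounts(os.path.join(dirpath, names[MARKER_FILE])),
        })
    return findings

def build_sample(base):
    """Constructed fixture: a BOINC layout placed inside a fake system32."""
    hidden = os.path.join(base, "Windows", "system32")
    for sub in ("projects", "slots"):
        os.makedirs(os.path.join(hidden, sub))
    with open(os.path.join(hidden, "client_state.xml"), "w") as fh:
        fh.write("<client_state><project><master_url>http://project.example/"
                 "</master_url><user_name>constructed-user</user_name>"
                 "</project></client_state>")
    return hidden

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_boinc_layouts(tmp))
```

Pass the directories of any intentional BOINC install in `approved` so that only unexpected copies are reported.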