Do we have a Boinc virus?

For the record, it *does* look like there is the distinct possibility that a worm/virus is spreading around running BOINC under this guy's name (there are many hosts with his userid, all running windows, and with IP addresses all over the world). That's all the evidence we have, and there's really not much we can do.

As for PR, we're not going to make an announcement because, as I stated earlier, this would confuse more then calm. We don't have time to do any virus hunting. We'll let the security powers that be deal with this, and if/when any official report shows up on F-Secure or otherwise it will already have been dealt with. Any information we have at that point may be used to adjust credit accordingly. Key word: "may".

- Matt
____________
-- BOINC/SETI@home network/web/science/development person
-- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude

I thought that I read yesterday that the guy who reported this originally from England said that it looked like a normal Microsoft Windows update when this happened. Maybe Microsoft would be interested?

[edit]You have to put forth some effort if you want to be at the top![/edit]


____________
Boinc....Boinc....Boinc....Boinc....

By the way, it should be noted that if any of y'all do manage to get a copy of the infected wupdmgr1.exe, please send a copy to me or tell me how to get it. Don't worry, I don't work on any windows machines (just solaris, linux, and macs of course).

And yes.. if the results that are returned by these infected computers are validated, we keep the signals.

- Matt
____________
-- BOINC/SETI@home network/web/science/development person
-- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude

Matt-

My concern lies not in the safety of other people's computers. Those who know how to defend themselves against virii will be fine, and those who don't... well... just like you said in your blog...

Anyway, my concern lies in the implications this will have on the competition of SETI@home. I'm worried that the message is being sent out that making virii to boost your seti stats is acceptable, and that as a result people will openly continue to write more and more of them.

I started my team, SETI.USA, because I saw an opportunity to become the top team in the world, legitimately, and thought that it would be fun to try. However, all the fun is gone when people start resorting to means outside of the rules.

I realize it's still unknown whether Carsten is responsible, and I don't have any suggestions for resolving this. I just feel that this is a concern most of us have, and a concern that wasn't being recognized. Most of us have a lot of fun competing in SETI@home, but this takes most of the fun out of it.
____________
SETI.USA

Matt-

My concern lies not in the safety of other people's computers. Those who know how to defend themselves against virii will be fine, and those who don't... well... just like you said in your blog...

Anyway, my concern lies in the implications this will have on the competition of SETI@home. I'm worried that the message is being sent out that making virii to boost your seti stats is acceptable, and that as a result people will openly continue to write more and more of them.

I started my team, SETI.USA, because I saw an opportunity to become the top team in the world, legitimately, and thought that it would be fun to try. However, all the fun is gone when people start resorting to means outside of the rules.

I realize it's still unknown whether Carsten is responsible, and I don't have any suggestions for resolving this. I just feel that this is a concern most of us have, and a concern that wasn't being recognized. Most of us have a lot of fun competing in SETI@home, but this takes most of the fun out of it.

I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not!

I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly.

- Matt

I agree as well. Whatever happens I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly.

- Matt

As was already told by others, the damage of this incident caused to BOINC and to its projects may be huge, and what is even worse, we can be almost certain that this case will not stay isolate. When people see it is possible, there maybe be soon crowds of others trying to do the same. Some followers may use more primitive methods, like simple Trojans, or instalation scripts, other may invent even more sophisticated viruses.

If security antivirus/antimalware/firewall companies start banning BOINC, it may be too late to begin with the damage control. When I spoke about the damage control since the beginning, I did not necessarily mean PR or medialization of the case. The damage control means reporting it to the responsible authorities - i.e. CPAN, or other security organizations, maybe even law enforcement, but what is especially necessary is building in a security mechanism that avoids unattended and stealth installations. Of course, it must not be only client based, since the crook can compile a modified client - it must include server - client security handshake with forced user input - the most common and simplest is generating of slightly obfuscated code that cannot be OCR-ed and must be entered by a human. Such simple security mechanism will at least plug this hole, but more protection may be needed. As long as it is not included, security companies cannot be blamed if they start blocking BOINC.
____________
trux
BOINC software
Freediving Team
Czech Republic

I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not!

I agree as well. Whatever happens I'll try to get a list of his "real" hosts versus his "hacked" hosts and adjust credit accordingly.

- Matt

...There is NO BOINC. Whoever cleverly made this, has gotten setiathome_4.18.exe to run almost stand alone, probably with the wupdmgr1.exe only doing the up&downloads.

It won't hurt other projects as much, as no other project has the science application in Open Source.

Okay, I take your word for that. That is, if wupdmgr1.exe is running from the system32 directory. The OP was never clear on that. Can Boinc.exe run (under whatever assumed name) from for instance Program Files, while the rest is under system32?

Okay, I take your word for that. That is, if wupdmgr1.exe is running from the system32 directory. The OP was never clear on that. Can Boinc.exe run (under whatever assumed name) from for instance Program Files, while the rest is under system32?

You can run any executable in any location you wish. Boinc core searches the needed files in the subdirectory structure based on its location (just like many other programs). In this case the renamed boinc.exe and all BOINC subdirs were within system32