Do we have a Boinc virus?


log in

Advanced search

Message boards : Number crunching : Do we have a Boinc virus?

Previous · 1 . . . 5 · 6 · 7 · 8 · 9 · 10 · 11 . . . 27 · Next
Author Message
Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 6
United States
Message 241100 - Posted: 2 Feb 2006, 17:38:19 UTC - in response to Message 241095.

Not quite true. For instance, Kaspersky Lab calls it "Trusted riskware - not-a-virus:NetTool.Win32.Calc-SETI@Home". And many other might stuff it harder. Here is Kaspersky's list: http://www.viruslist.com/en/find?search_mode=full&words=seti

Peter


Thanks for the link, and credit to Kaspersky Labs for taking the effort to try to differentiate the difference between the actual malware and the potential legitmate but compromised payload it delivers.

The thought occurred to me that the real goal may not be to plant SETI on new hosts, but rather to compromise already existing installations with a trojanized version.

Alinator

Profile Darth Dogbytes™
Volunteer tester
Send message
Joined: 30 Jul 03
Posts: 7512
Credit: 2,021,148
RAC: 0
United States
Message 241132 - Posted: 2 Feb 2006, 19:02:15 UTC
Last modified: 2 Feb 2006, 19:12:05 UTC

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

Test your AVP using http://www.eicar.com/anti_virus_test_file.htm test string. If that doesn't trigger a virus warning, your AVP is possibly compromisesd.
Update your AVP .dat files now.
Run a full system scan, now.
Make clean backups now.

Link to CNN plain language article about the Kama Sutra Worm.

____________
Account frozen...

1mp0£173
Volunteer tester
Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 241180 - Posted: 2 Feb 2006, 20:26:03 UTC - in response to Message 241132.

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

Test your AVP using http://www.eicar.com/anti_virus_test_file.htm test string. If that doesn't trigger a virus warning, your AVP is possibly compromisesd.
Update your AVP .dat files now.
Run a full system scan, now.
Make clean backups now.

Link to CNN plain language article about the Kama Sutra Worm.

<rant>
It's been three centuries since the Greeks took the city of Troy.

Why haven't we learned to leave the horse outside the city?

Free porn indeed! Think of this as evolution in action.

I'll get off my soapbox now.
</rant>

____________

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 6
United States
Message 241188 - Posted: 2 Feb 2006, 20:41:34 UTC - in response to Message 241180.


<snip>
<rant>
It's been three centuries since the Greeks took the city of Troy.

Why haven't we learned to leave the horse outside the city?

Free porn indeed! Think of this as evolution in action.

I'll get off my soapbox now.
</rant>


LOL, perhaps because hope springs eternal that life isn't a zero sum game? :-)

Alinator

Profile Darth Dogbytes™
Volunteer tester
Send message
Joined: 30 Jul 03
Posts: 7512
Credit: 2,021,148
RAC: 0
United States
Message 241189 - Posted: 2 Feb 2006, 20:45:43 UTC - in response to Message 241180.
Last modified: 2 Feb 2006, 20:49:44 UTC

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

Test your AVP using http://www.eicar.com/anti_virus_test_file.htm test string. If that doesn't trigger a virus warning, your AVP is possibly compromisesd.
Update your AVP .dat files now.
Run a full system scan, now.
Make clean backups now.

Link to CNN plain language article about the Kama Sutra Worm.

<rant>
It's been three centuries since the Greeks took the city of Troy.

Why haven't we learned to leave the horse outside the city?

Free porn indeed! Think of this as evolution in action.

I'll get off my soapbox now.
</rant>


3 Centuries?


____________
Account frozen...

J D K
Volunteer tester
Avatar
Send message
Joined: 26 May 04
Posts: 1295
Credit: 311,371
RAC: 0
United States
Message 241197 - Posted: 2 Feb 2006, 20:59:21 UTC

FYI ;0)


Description:
The earliest settlement at Troy was in the Early Bronze Age at ca. 3000 B.C. This small fortified settlement was destroyed by fire and was followed by Troy II (2500-2200 B.C.), which Schliemann incorrectly believed to have been the city of Priam. Settlement continued throughout the Bronze Age at the site. The latest prehistoric levels are Troy VI (1800-1275 B.C.) and Troy VII (1275-1100 B.C.) and scholars debate which of these levels represent the city of Priam and scene of the Trojan War.

Following the end of the Late Bronze Age there was a 400 year hiatus at the site until it was resettled at ca. 700 B.C. by Greek colonists, possibly from Lesbos or Tenedos. The Early Iron Age city (Troy VIII) was founded with the name Ilion and believed at the time to be the site of Homeric Troy. The city had little political power, but was symbolically important. It was under Persian control from the 6th century B.C. until the liberation of Asia Minor by Alexander the Great in 334 B.C.

In 480 B.C. Xerxes halted at Troy to sacrifice a thousand oxen before crossing the Hellespont into Greece. In 334 B.C. Alexander went to Troy immediately after crossing into Asia Minor to make an offering. Following the death of Alexander in 323 B.C., his successor in Thrace had a new temple of Athena built at the city. Julius Caesar, who believed himself to be a direct descendant of Priam, visited the city and gave it immunity from taxation. In the reign of Augustus the city and the sanctuary of Athena under went a large rebuilding program. Constantine considered Troy as a possible site for his new capital before chosing Byzantium, and as late as A.D. 355 the site was visited by the emperor Julian. By the 4th century A.D., however, the site was little more than a small farming community and by the 12th century A.D. it was completely abandoned.

____________
And the beat goes on
Sonny and Cher

BOINC Wiki

Profile Do Keep Trying
Volunteer tester
Avatar
Send message
Joined: 25 Aug 99
Posts: 9201
Credit: 1,278,714
RAC: 0
United States
Message 241202 - Posted: 2 Feb 2006, 21:13:11 UTC - in response to Message 240580.

P.S. If someone else did this, Carsten would only know about it if he looked at his stats, which not everybody does.
He definitely does - he changed the team from SETI Germany to his own one just few days ago. When doing it, you definitely have to pass through your account, where it is inavoidable that you see your RAC and your total credit. Well, now we can speculate that he has 1000 own hosts, and just this single and only stolen one - in that case you are certainly right - he would not notice the difference. However, I'd rather speculate the ratio is rather in the opposite way. Still only speculations. Hope we see the truth soon.



Oh, I'd say he DEFINTELY is interested in stats and knows very well what his are. The following is from the forum on Seti.Germany's site:
Autor Thread "schlechte Team-Statistik: deutsche Teams"
Carsten_Giese
Beiträge: 1
schlechte Team-Statistik: deutsche Teams (vom 12.01.2006 - 10:49:24) Mit Zitat antworten
Hallo, SetiGermany-Admins,
kann mir jemand die Frage beantworten, warum in Eurer Team-Statistik für die deutschen Teams nur die Teams angezeigt werden sollen, die mehr als 10 Mitglieder haben?

Wir haben auf unseren Firmenservern nur einen Account, haben aber über 6 Millionen Credits im Laufe der Jahre angesammelt. Meiner Meinung nach sollte doch die Anzahl der Credits beim Ranking im Vordergrund stehen und das sollte in Eurer Statistik doch auch durch das Ranking "belohnt" werden.

Wäre schön, wenn Ihr bei Euren Statistiken den Filter "mind. 10 Members" herausnehmen könntet, um auch kleinen und sehr erfolgreichen Teams eine Chance zu geben, bei Euch gelistet zu sein. Ansonsten entsteht doch m. E. der Eindruck, dass hier absichtlich mit Filtern "manipuliert" wird.

Gruß:
Carsten Giese
Deutsches Team "ESC-Consult"





Translation:

Author Thread "bad team statistics: German teams "Carsten_Giese of contributions: 1 bad team statistics: German teams (of 12.01.2006 - the 10:49:24) with quotation answer hello, SetiGermany Admins, can answer someone to me the question, why in your team statistics for the German teams only the teams to be indicated to be supposed, which have more than 10 members? We have on our firm servers only one account, however over 6 million Credits in the course of the years collected. According to my opinion the number of Credits should stand nevertheless with the Ranking in the foreground and that should in your statistics nevertheless also by the Ranking become "recompenced". Would be beautiful, if you with your statistics the filter "mind. 10 Members "to take out would know, in order to give to also small and very successful teams a chance to be listed with you. Otherwise nevertheless m. E. the impression develops that becomes here intentionally with filters "manipulated". Greeting: Carsten Giese German team "ESC Consult"
____________
Account ...

Profile Do Keep Trying
Volunteer tester
Avatar
Send message
Joined: 25 Aug 99
Posts: 9201
Credit: 1,278,714
RAC: 0
United States
Message 241219 - Posted: 2 Feb 2006, 21:39:54 UTC - in response to Message 240744.

Matt-

My concern lies not in the safety of other people's computers. Those who know how to defend themselves against virii will be fine, and those who don't... well... just like you said in your blog...

Anyway, my concern lies in the implications this will have on the competition of SETI@home. I'm worried that the message is being sent out that making virii to boost your seti stats is acceptable, and that as a result people will openly continue to write more and more of them.

I started my team, SETI.USA, because I saw an opportunity to become the top team in the world, legitimately, and thought that it would be fun to try. However, all the fun is gone when people start resorting to means outside of the rules.

I realize it's still unknown whether Carsten is responsible, and I don't have any suggestions for resolving this. I just feel that this is a concern most of us have, and a concern that wasn't being recognized. Most of us have a lot of fun competing in SETI@home, but this takes most of the fun out of it.


I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not!



Aren't the stats basically meaningless anyway?
(I am simply astounded how much time ppl appear to put into thinking about them and complaining.)
Bottom line, I think, is this: you can have all the credits in the world that you want, and still not be one of the ppl credited with crunching a work unit with a good strong signal candidate. By running just 2 computers, I am in the running for that.
____________
Account ...

Alinator
Volunteer tester
Send message
Joined: 19 Apr 05
Posts: 4178
Credit: 4,647,982
RAC: 6
United States
Message 241233 - Posted: 2 Feb 2006, 22:08:11 UTC - in response to Message 241219.

Aren't the stats basically meaningless anyway?
(I am simply astounded how much time ppl appear to put into thinking about them and complaining.)
Bottom line, I think, is this: you can have all the credits in the world that you want, and still not be one of the ppl credited with crunching a work unit with a good strong signal candidate. By running just 2 computers, I am in the running for that.


LOL, good point! I suppose it's like the lottery, unless you "win" it was all a big "waste". At least with BOINC, everyone can see how much "cash" you're blowing on it. :-)

Alinator

Redbaron
Volunteer tester
Send message
Joined: 30 Apr 01
Posts: 1
Credit: 168,397
RAC: 0
Germany
Message 241236 - Posted: 2 Feb 2006, 22:17:48 UTC

Here some Info about the skills of C. Giese

Ausbildung: Diplom-Informatiker

Berufserfahrung:NetAPI-Entwicklung Microsoft
Leiter Systemmangement des Rechenzentrums RUBIN im Bundesverteidigungsministerium

found at : http://elearn.prokoda.de/Hall/cgiese.htm



JR

Profile MikeSW17
Volunteer tester
Send message
Joined: 3 Apr 99
Posts: 1603
Credit: 2,700,523
RAC: 0
United Kingdom
Message 241255 - Posted: 2 Feb 2006, 23:06:37 UTC - in response to Message 241236.

Here some Info about the skills of C. Giese

Ausbildung: Diplom-Informatiker

Berufserfahrung:NetAPI-Entwicklung Microsoft
Leiter Systemmangement des Rechenzentrums RUBIN im Bundesverteidigungsministerium

found at : http://elearn.prokoda.de/Hall/cgiese.htm

JR


Well, at least Google made some sense of it:


Training: Diploma computer scientist Berufserfahrung:NetAPI Berufserfahrung:NetAPI-Entwicklung Microsoft leader Systemmangement of the computing centre RUBY in the Federal Ministry of Defense

____________

1mp0£173
Volunteer tester
Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 241305 - Posted: 3 Feb 2006, 0:49:20 UTC - in response to Message 241189.

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

Test your AVP using http://www.eicar.com/anti_virus_test_file.htm test string. If that doesn't trigger a virus warning, your AVP is possibly compromisesd.
Update your AVP .dat files now.
Run a full system scan, now.
Make clean backups now.

Link to CNN plain language article about the Kama Sutra Worm.

<rant>
It's been three centuries since the Greeks took the city of Troy.

Why haven't we learned to leave the horse outside the city?

Free porn indeed! Think of this as evolution in action.

I'll get off my soapbox now.
</rant>


3 Centuries?



Okay, so I'm off by one order of magnitude.

Point is: there was a pretty horse. It was all shiny, and it had wheels. The people of Troy brought the pretty horse inside the walls. It got dark, the bad soldiers inside came out, opened the gates, and the rest is, as they say, History.

We should know by now that not everything is as it seems, and it's really best to leave the damn Trojan Horses alone.

It shouldn't take 300 years to learn that lesson, even if the right number is closer to 3000.
____________

Profile Mchl
Volunteer tester
Avatar
Send message
Joined: 17 Feb 00
Posts: 35
Credit: 231,170
RAC: 0
Poland
Message 241308 - Posted: 3 Feb 2006, 0:58:59 UTC - in response to Message 241305.


We should know by now that not everything is as it seems, and it's really best to leave the damn Trojan Horses alone.

It shouldn't take 300 years to learn that lesson, even if the right number is closer to 3000.


The problem is, if I ask my younger siblings, if they know what a 'trojan horse' is, they don't recall the story of Troy, but rather tell me about malware.
Fine, they're less likely to have their computers infected, but aren't they missing some more general meaning?

Sorry for the offtopic. It is getting late in this timezone.
____________
BOINC@Poland: Polish crossproject team.
http://mchl.republika.pl/boincatpoland/
- Join -

Synister1
Volunteer tester
Avatar
Send message
Joined: 26 Jan 03
Posts: 20
Credit: 678,760
RAC: 0
United States
Message 241378 - Posted: 3 Feb 2006, 4:07:02 UTC

It will verride your current install of boinc. I lost a few months of processing. One day I go look at boinc to find it was processing for another account.

I'm still looking for the software that plugged it into my system.


____________
Theres a Fine Line between Hobby and Mental Illness.

Profile bartsob5
Volunteer tester
Avatar
Send message
Joined: 16 Jun 04
Posts: 10
Credit: 6,715
RAC: 0
Poland
Message 241466 - Posted: 3 Feb 2006, 12:05:05 UTC

maybe it would be a good idea to include to BOINC software some protection option, that won't let processing any BOINC application if there is no folder called projects, or file boincmgr.exe, or even boinc.exe...

it would not make cheating impossible, but for sure it would make it harder, and easier to detect...
____________

Profile bartsob5
Volunteer tester
Avatar
Send message
Joined: 16 Jun 04
Posts: 10
Credit: 6,715
RAC: 0
Poland
Message 241482 - Posted: 3 Feb 2006, 13:22:18 UTC - in response to Message 241466.

maybe it would be a good idea to include to BOINC software some protection option, that won't let processing any BOINC application if there is no folder called projects, or file boincmgr.exe, or even boinc.exe...

it would not make cheating impossible, but for sure it would make it harder, and easier to detect...



or not... reading that forum more carefuly, i found, that there were all BOINC/seti folders...

but then maybe there should be some special codes, that would make, changing name of boinc.exe this file completely unuseful...

____________

Profile trux
Volunteer tester
Avatar
Send message
Joined: 6 Feb 01
Posts: 344
Credit: 1,127,051
RAC: 0
Czech Republic
Message 241490 - Posted: 3 Feb 2006, 14:22:05 UTC - in response to Message 241378.
Last modified: 3 Feb 2006, 14:30:20 UTC

It will verride your current install of boinc. I lost a few months of processing. One day I go look at boinc to find it was processing for another account.

I'm still looking for the software that plugged it into my system.
Wow, so do we have another case here? It not only installs itself in infected/attacked computers, but it also hijacks already present installations of BOINC and replaces the account? Was is the same user (Carsten Giese) or another one? Are you sure it did not happen due to your error or a typo when attaching the project? Do you still have the data and files from the time you discovered it? Did you contact BOINC officials and sent them the data files?

EDIT: This case is ethically even worse than the first one - in the first case, you can at least argue that BOINC installed on "virgin" computers (I mean those without a previous BOINC installation), in fact helps the science, because it does not cause any damage to the PC, and still generates valid results. In the latter case though, the argument is invalid - the only purpose of such hijacking is stupid greed for more credits.

____________
trux
BOINC software
Freediving Team
Czech Republic

Aaron Finney
Volunteer tester
Send message
Joined: 11 Feb 02
Posts: 73
Credit: 202,674
RAC: 0
United States
Message 241494 - Posted: 3 Feb 2006, 14:29:27 UTC - in response to Message 240169.

[sarcasm]

Yet another BOINC Milestone!

[/sarcasm]

:-D
____________

Profile Ageless
Avatar
Send message
Joined: 9 Jun 99
Posts: 12128
Credit: 2,519,735
RAC: 280
Netherlands
Message 241510 - Posted: 3 Feb 2006, 15:30:47 UTC
Last modified: 3 Feb 2006, 15:31:15 UTC

@Fred G: Tell RedSpideR that the better_banner.jpg is part of the Seti screensaver & graphics. It's the static banner in the left lower corner. So it's not something he downloaded with a payload. It is part of Seti.
____________
Jord

Loving awareness is free.

Jim
Avatar
Send message
Joined: 28 Jan 00
Posts: 614
Credit: 2,031,206
RAC: 0
United States
Message 241526 - Posted: 3 Feb 2006, 15:54:32 UTC

The word "cheating" makes my skin crawl. I'm not being high and mighty, but have you ever played golf with someone who cheats? It's frustrating, angering and feels like a waste of time and money. Now please understand, I do not ever intend to abandon SETI or BOINC projects. Never. But I sure do hope, as do you all, that this issue is resolved ASAP for the sake of the reputation of the project. If for no other reason, it's a potetially irresistable juicy carrot to dangle in front of Black Hats.

My $.02
____________

Without love, breath is just a clock ... ticking.
Equilibrium

Previous · 1 . . . 5 · 6 · 7 · 8 · 9 · 10 · 11 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?

Copyright © 2014 University of California