Trojan boinc installation by rogue member

Profile Saenger
Volunteer tester
Joined: 3 Apr 99
Posts: 2452
Credit: 33,281
RAC: 0
Germany
Message 520828 - Posted: 21 Feb 2007, 6:47:27 UTC

I found this post on the CPDN board:

The person in question is Wate, his/her data are in the links in the quote.
It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.

In early June 2006 he appears to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits.

About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers.

The problem came to light when an affected member of the public noticed the heavy drain on his laptop's battery, looked in Task Manager at the running processes, identified boinc and contacted a group of genuine boinc members in Italy.

Carl deleted Wate's cpdn credits last Friday. An unfortunate side-effect of this was that cpdn credits did not update over the weekend. This problem is now sorted. The managers of most of the other projects Wate was attached to have chosen a different course, altering his registration details.

Wate's method of hijacking computers via a dishonest download is one of the classic methods used by spammers.

Boinc staff, the ClimatePrediction programmers and your moderators stress that boinc and project software was never at fault, nor was there ever any breach of Windows XP or Vista security. The dishonest application was Wate's trojan. Boinc and project software were never infiltrated and remain secure.

How can we prevent our own computer being similarly compromised by frauds and spammers?

*Use legitimate software (it is said that half the illegal copies of Windows sold in China come with a virus pre-installed).

*Download updates for your operating system and other programmes via the tools on your computer, not through links in emails or links on web pages.

*Download new programmes only through links on websites you thoroughly trust, or type the address yourself.

*Keep your AV and firewall up-to-date and scan regularly. Install and use malware cleaners such as Spybot and Adaware.

*Look at Task Manager from time to time to see all the running processes on your computer. Right-click on the digital clock and select it. The processes whose names you don't recognise can be identified through a search engine. If you suspect a rogue application, download HijackThis and post your log there. You will be told what can be safely deleted.

*If your computer behaves unexpectedly, post on the forums.


Here is Wate:

http://www.boincstats.com/stats/boinc_user_graph.php?pr=bo&id=873722

http://climateapps2.oucs.ox.ac.uk/cpdnboinc/show_user.php?userid=188887

http://boinc.berkeley.edu/chart_list.php

http://burp.boinc.dk/forum_user_posts.php?userid=100 - appears to be the same member.

This thread can be used for discussion, reprobation and ridicule.


Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 520828 · Report as offensive
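
The Task Manager check from the advice above can be extended into a small host audit. This is an added example, not part of the original post and not BOINC project code: it flags BOINC processes in `tasklist /fo csv` output and lists project attachments whose account key is not the owner's. It assumes the client keeps per-project `account_*.xml` files with `master_url` and `authenticator` elements in its data directory; the sample process list, host names and keys are constructed.

```python
import csv
import io
import re
import tempfile
from pathlib import Path

# boinc.exe is the binary named in the post; boincmgr.exe is the GUI manager.
BOINC_IMAGES = {"boinc.exe", "boincmgr.exe"}
TAG = r"<{0}>\s*(.*?)\s*</{0}>"

# Constructed sample of `tasklist /fo csv` output.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1480","Console","0","18,204 K"
"boinc.exe","2912","Console","0","9,112 K"
'''


def boinc_processes(tasklist_csv):
    """Pick BOINC client processes out of `tasklist /fo csv` output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return [(r["Image Name"], int(r["PID"]))
            for r in rows if r["Image Name"].lower() in BOINC_IMAGES]


def field(text, tag):
    """Return the text of the first <tag>...</tag> element, or None."""
    m = re.search(TAG.format(tag), text, re.S)
    return m.group(1) if m else None


def foreign_attachments(data_dir, my_keys):
    """List project attachments whose account key is not one of the owner's."""
    findings = []
    for path in sorted(Path(data_dir).glob("account_*.xml")):
        text = path.read_text(errors="replace")
        url, key = field(text, "master_url"), field(text, "authenticator")
        if key is None or key not in my_keys:
            # Report file and project only; the key itself is a credential.
            findings.append((path.name, url))
    return findings


def demo():
    """Run both checks against constructed data in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        for name, key in (("mine.example", "KEY_OWNER"),
                          ("other.example", "KEY_UNKNOWN")):
            Path(d, f"account_{name}.xml").write_text(
                f"<account>\n <master_url>http://{name}/</master_url>\n"
                f" <authenticator>{key}</authenticator>\n</account>\n")
        return (boinc_processes(SAMPLE_TASKLIST),
                foreign_attachments(d, {"KEY_OWNER"}))


if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the actual `tasklist /fo csv` output and the BOINC data directory, with `my_keys` holding the account keys of the projects you signed up for yourself.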
Profile mikey
Volunteer tester
Joined: 17 Dec 99
Posts: 4215
Credit: 3,474,603
RAC: 0
United States
Message 520871 - Posted: 21 Feb 2007, 10:53:39 UTC - in response to Message 520828.  

I found this post on the CPDN board:
The person in question is Wate, his/her data are in the links in the quote.
[quote]It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.


Let me start off by saying this user, Wate, did a VERY BAD THING!!!!
However that being said it is an interesting way to get more people to participate in Boinc. Kind of like AOL paying to have their icon on the desktop of every store bought computer sold over the past many years. Too bad Boinc doesn't have the money and clout to have the icon put on every pc sold in the World. Installing and auto running Boinc would not be a good thing, BUT having the icon on the desktop and then having it bring up a small document/pdf file which had a link in it to an account manager that made signing up super easy, would be a VERY GOOD THING! Especially if it were on EVERY desktop sold in the World.
ID: 520871 · Report as offensive
Boinc_Master_2
Joined: 20 Aug 05
Posts: 131
Credit: 689,756
RAC: 0
United Kingdom
Message 520889 - Posted: 21 Feb 2007, 11:47:49 UTC

Well there are a number of points here.

Firstly this user is a 100% cheat and should be banned from BOINC permanently. If this story reaches the popular press, it will bring discredit upon distributed computing generally, and Boinc/Seti specifically.

Secondly, what a shame that someone with all that technical expertise to have been able to have done that, didn't use it legitimately to help out producing enhanced apps etc.

As per your point about having a Boinc install icon on every PC sold, that would effectively mean, Microsoft agreeing to include it as part of Windows, which of course they would never do. Apart from that, if the Boinc userbase suddenly doubled or trebled, there's no way the various projects' servers/hardware could cope with the resulting traffic.

However, there may be some mileage in the principle of what you suggest. Supposing a computer manufacturer agreed to include a Boinc installation icon on each of their computers sold? That might not swamp Berkeley too much. Recently Dell announced that Michael Dell, the original founder of Dell, had been reinstalled as CEO of Dell, replacing Kevin Rollins. He is well known to be a computing entrepreneur, and has his own foundation which has already funded computer science at University of Texas.

Perhaps Fuzzy or someone should write to him about Boinc, as a new broom in the chair, who knows???


Philanthropy

On May 15, 2006, The University of Texas at Austin announced a US$50 million grant from the Michael and Susan Dell Foundation to "bring excellence in children's health and education to Austin". The grant will enable the construction of 3 new facilities at the university. The first is the Dell Pediatric Research Institute which is expected to complement the new Dell Children's Medical Center nearby. The second is a new computer science building on the UT campus named Dell Computer Science Hall. The third is the Michael and Susan Dell Center for Advancement of Healthy Living, which is intended to address issues that affect healthy childhood development.[2]



ID: 520889 · Report as offensive
Profile champ
Volunteer tester
Joined: 12 Mar 03
Posts: 3642
Credit: 1,489,147
RAC: 0
Germany
Message 520905 - Posted: 21 Feb 2007, 12:48:28 UTC

This is a very bad thing. If he/she has done that, he/she must be banned permanently.

Is there a statement by Wate? Please do not blame someone without his/her statement.


ID: 520905 · Report as offensive
Dark Angel
Volunteer tester
Joined: 26 Aug 01
Posts: 432
Credit: 2,673,754
RAC: 0
United States
Message 520916 - Posted: 21 Feb 2007, 13:27:01 UTC
Last modified: 21 Feb 2007, 13:28:09 UTC

Food for thought...Wate produces a trojan that installs BOINC on computers around the world...1500 plus systems...did Wate really think this wasn't going to be traceable...more so than that they also have at Berkeley on the registration servers the email address for Wate...if it's even valid...they would also have his IP address so if someone was to file a legal complaint and law enforcement was smart enough to do some computer forensic work they could trace Wate and shut down one more virus writer.

ID: 520916 · Report as offensive
Profile Fuzzy Hollynoodles
Volunteer tester
Joined: 3 Apr 99
Posts: 9659
Credit: 251,998
RAC: 0
Message 520939 - Posted: 21 Feb 2007, 13:51:49 UTC - in response to Message 520889.  

Well there are a number of points here.

Firstly this user is a 100% cheat and should be banned from BOINC permanently. If this story reaches the popular press, it will bring discredit upon distributed computing generally, and Boinc/Seti specifically.

Secondly, what a shame that someone with all that technical expertise to have been able to have done that, didn't use it legitimately to help out producing enhanced apps etc.

As per your point about having a Boinc install icon on every PC sold, that would effectively mean, Microsoft agreeing to include it as part of Windows, which of course they would never do. Apart from that, if the Boinc userbase suddenly doubled or trebled, there's no way the various projects' servers/hardware could cope with the resulting traffic.

However, there may be some mileage in the principle of what you suggest. Supposing a computer manufacturer agreed to include a Boinc installation icon on each of their computers sold? That might not swamp Berkeley too much. Recently Dell announced that Michael Dell, the original founder of Dell, had been reinstalled as CEO of Dell, replacing Kevin Rollins. He is well known to be a computing entrepreneur, and has his own foundation which has already funded computer science at University of Texas.

Perhaps Fuzzy or someone should write to him about Boinc, as a new broom in the chair, who knows???


Philanthropy

On May 15, 2006, The University of Texas at Austin announced a US$50 million grant from the Michael and Susan Dell Foundation to "bring excellence in children's health and education to Austin". The grant will enable the construction of 3 new facilities at the university. The first is the Dell Pediatric Research Institute which is expected to complement the new Dell Children's Medical Center nearby. The second is a new computer science building on the UT campus named Dell Computer Science Hall. The third is the Michael and Susan Dell Center for Advancement of Healthy Living, which is intended to address issues that affect healthy childhood development.[2]




Thanks, Boinc Master 2, I'll discuss this with Pappa and Eric. :-)

About the trojan, it was discovered last summer I think, and it caused a lot of turmoil here on this board.


"I'm trying to maintain a shred of dignity in this world." - Me

ID: 520939 · Report as offensive
Profile Dr. C.E.T.I.
Joined: 29 Feb 00
Posts: 16019
Credit: 794,685
RAC: 0
United States
Message 520954 - Posted: 21 Feb 2007, 14:46:47 UTC
Last modified: 21 Feb 2007, 15:13:01 UTC


note: amongst this 'Wate' Comments in the Following Thread

Computer has become slow . . .

Message 1324 - Posted 30 Jun 2005 14:50:03 UTC
My computer (http://burp.boinc.dk/show_host_detail.php?hostid=1584) has become slow when opening a menu like the one when you right click something; it takes more than two seconds for the "animation" before the menu becomes active, after which it works normally. Also, when scrolling a web page with the mouse wheel or by clicking the scroll bar, my computer runs at like 2 fps.

This started after the current BURP test began, and my computer is still acting slow after suspending BURP and restarting. I used BOINC 4.43 and upgraded to 4.45 a few minutes ago.



Wate's Computer - My computer Links to Anonymous

see Wate's - Results for computer

strange EH ?

ID: 520954 · Report as offensive
Profile tullio
Volunteer tester

Joined: 9 Apr 04
Posts: 8797
Credit: 2,930,782
RAC: 1
Italy
Message 521011 - Posted: 21 Feb 2007, 17:09:28 UTC

If you go to the BOINC site, you'll find a WATE as number 5 top user.
Do they know all this, or do they just not care?
Tullio
ID: 521011 · Report as offensive
Profile Misfit
Volunteer tester
Joined: 21 Jun 01
Posts: 21804
Credit: 2,815,091
RAC: 0
United States
Message 521366 - Posted: 22 Feb 2007, 3:04:51 UTC
Last modified: 25 Mar 2007, 21:37:42 UTC

As I understand it David has already spoken with Microsoft about getting BOINC included in Windows. That was a long time ago too.
me@rescam.org
ID: 521366 · Report as offensive
Profile champ
Volunteer tester
Joined: 12 Mar 03
Posts: 3642
Credit: 1,489,147
RAC: 0
Germany
Message 521582 - Posted: 22 Feb 2007, 13:31:03 UTC - in response to Message 521366.  

As I understand it David has already spoken with Microsoft about getting BOINC included in Windows. That was a long time ago too.


It's time for a recall, now!!!!
ID: 521582 · Report as offensive
Profile Saenger
Volunteer tester
Joined: 3 Apr 99
Posts: 2452
Credit: 33,281
RAC: 0
Germany
Message 535662 - Posted: 23 Mar 2007, 20:18:17 UTC
Last modified: 23 Mar 2007, 20:19:13 UTC

The admins at Predictor failed to act on the criminal hacker Wate.

They went as far as to censor every discussion on the boards regarding this topic, and banning crunchers for mentioning it or starting threads about it.

It will be fine if you go over there and post some support for those who stand up against this condonement of criminal behaviour by the project admins. But beware: If you start posting there, you might be banned quicker than you can count to 10.

I strongly suggest to stop crunching for Predictor as long as they refuse to act on behalf of Wate.

Here are the two relevant threads (both closed by admins):

the counterpart of this one (closed without reason given, follow-ups were deleted)

about the censorship (original about 20 posts long)
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 535662 · Report as offensive
Profile Jason Safoutin
Volunteer tester
Joined: 8 Sep 05
Posts: 1386
Credit: 200,389
RAC: 0
United States
Message 535806 - Posted: 24 Mar 2007, 4:42:14 UTC - in response to Message 520889.  

Well there are a number of points here.

Firstly this user is a 100% cheat and should be banned from BOINC permanently. If this story reaches the popular press, it will bring discredit upon distributed computing generally, and Boinc/Seti specifically.

Secondly, what a shame that someone with all that technical expertise to have been able to have done that, didn't use it legitimately to help out producing enhanced apps etc.

As per your point about having a Boinc install icon on every PC sold, that would effectively mean, Microsoft agreeing to include it as part of Windows, which of course they would never do. Apart from that, if the Boinc userbase suddenly doubled or trebled, there's no way the various projects' servers/hardware could cope with the resulting traffic.

However, there may be some mileage in the principle of what you suggest. Supposing a computer manufacturer agreed to include a Boinc installation icon on each of their computers sold? That might not swamp Berkeley too much. Recently Dell announced that Michael Dell, the original founder of Dell, had been reinstalled as CEO of Dell, replacing Kevin Rollins. He is well known to be a computing entrepreneur, and has his own foundation which has already funded computer science at University of Texas.

Perhaps Fuzzy or someone should write to him about Boinc, as a new broom in the chair, who knows???


Philanthropy

On May 15, 2006, The University of Texas at Austin announced a US$50 million grant from the Michael and Susan Dell Foundation to "bring excellence in children's health and education to Austin". The grant will enable the construction of 3 new facilities at the university. The first is the Dell Pediatric Research Institute which is expected to complement the new Dell Children's Medical Center nearby. The second is a new computer science building on the UT campus named Dell Computer Science Hall. The third is the Michael and Susan Dell Center for Advancement of Healthy Living, which is intended to address issues that affect healthy childhood development.[2]




The press? Already did at heise-security: Trojan forced PCs to take part in climate research project

They have, the start of this thread, a written statement basically out in the public view for anyone to see and didn't bother to ask the details or what the cause of the incident was. I hate commercial media because they not only hype up a story in a bad way by outright discrediting BOINC, they insert their Point of View of the situation. That's why I freelance at Wikinews...Neutral Point of View and report all the facts and get all the right facts. BUT the good news is this has been the only article I have been able to come across. Point is...it wasn't BOINC, it was a user and they didn't really mention that...if I had read this article before this post, I would have thought it to be BOINC's fault.
"By faith we understand that the universe was formed at God's command, so that what is seen was not made out of what was visible". Hebrews 11.3

ID: 535806 · Report as offensive
Profile TimeLord04
Volunteer tester
Joined: 9 Mar 06
Posts: 21140
Credit: 33,933,039
RAC: 23
United States
Message 535823 - Posted: 24 Mar 2007, 5:06:47 UTC

OK - I have created a support of the Ban on Predictor post in the Calm Chaos Team Recruitment Thread. The contents of that post are as follows:


==========================================

OK - This really REALLY ticks me off!!!


The Admins/Mods at Predictor are actively banning ANYONE who speaks out against Wate, (the hacker/criminal element that used a Trojan to blindly install BOINC on computers without the owners of the computers knowledge; nor consent), in any way shape or form. According to Saenger, this blatant heavy handedness occurred today. See the following:


Members banned at Predictor.

Trojan boinc installation by rogue member.



I highly suggest that any Calm Chaos Teammates presently crunching for Predictor cease and desist crunching for that Project until they lift the ban on the 20+ Boinc Synergy crunchers, as well as others who are presently banned for only utilizing the First Amendment, "Free Speech". Wate is the proven criminal and hacker, and Predictor and Staff need to zero out Wate's credits and ban him/her, not the innocent people lodging an honest complaint!

==========================================


I'm sure that the other Team Members of Calm Chaos will join in supporting the Ban on Predictor@Home.


Sincerely,


TimeLord04
Have TARDIS, will travel...
Come along K-9!
Join Calm Chaos
ID: 535823 · Report as offensive
Profile Misfit
Volunteer tester
Joined: 21 Jun 01
Posts: 21804
Credit: 2,815,091
RAC: 0
United States
Message 536885 - Posted: 25 Mar 2007, 21:37:27 UTC - in response to Message 535823.  
Last modified: 25 Mar 2007, 21:37:57 UTC

Click here to vote for my Predictor profile! :-)
Vote recommend and vote often!

Join the Banned for Life team!
me@rescam.org
ID: 536885 · Report as offensive
Profile zoom3+1=4
Volunteer tester
Joined: 30 Nov 03
Posts: 65709
Credit: 55,293,173
RAC: 49
United States
Message 536922 - Posted: 25 Mar 2007, 23:36:22 UTC
Last modified: 25 Mar 2007, 23:36:37 UTC

Well I got banned it looks like (Not enough credits now, So much for 3,308 of them), That admin there doesn't play too well with others, But the guy's bound and determined to quell dissent, I hope not at any cost though. Anyone know Who His boss is? Of course If I wanted to be a pest, I could post again, If He's not blocking by ip that is. The more they streamline the plumbing, the easier it is to plug up the drain. I think Scotty said that in the Search for Spock movie or something to that effect.
The T1 Trust, PRR T1 Class 4-4-4-4 #5550, 1 of America's First HST's
ID: 536922 · Report as offensive
Profile htrae
Volunteer tester
Joined: 3 Apr 99
Posts: 241
Credit: 768,379
RAC: 0
Canada
Message 536940 - Posted: 26 Mar 2007, 0:21:49 UTC - in response to Message 536922.  

Well I got banned it looks like (Not enough credits now, So much for 3,308 of them), That admin there doesn't play too well with others, But the guy's bound and determined to quell dissent, I hope not at any cost though. Anyone know Who His boss is? Of course If I wanted to be a pest, I could post again, If He's not blocking by ip that is. The more they streamline the plumbing, the easier it is to plug up the drain. I think Scotty said that in the Search for Spock movie or something to that effect.


"Aye sir, the more they overtech the plumbing, the easier it is to stop up the drain."

Scotty Quotes
ID: 536940 · Report as offensive
