Message boards :
Number crunching :
Do we have a Boinc virus?
Message board moderation
Previous · 1 · 2 · 3 · 4 · 5 · 6 · 7 . . . 27 · Next
Author | Message |
---|---|
![]() ![]() Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 ![]() |
I do not think it is the same case. This one seems to use different credentials and the classic client. I'd be interested though if it was investigated and the perpetrator persecuted. I mean this is a clearly criminal activity and should be followed up as such, regardless if the author did it in sake of "helping" the science, or just to improve his ranking (and his ego). And since it is not too dificult to track down the account owner, and verifying if it was him who launched the virus, I wonder if the responsible authorities were informed. trux BOINC software Freediving Team Czech Republic |
![]() ![]() Send message Joined: 17 May 99 Posts: 185 Credit: 24,109,481 RAC: 0 ![]() |
I'm thinking that the worm was modified for the user. He changed all the locations, file names and user info. It may not be the one but probably the model for the one we are looking at. http://www.teamstarfire.org/ ![]() |
![]() Send message Joined: 18 Mar 04 Posts: 1547 Credit: 760,577 RAC: 0 ![]() |
|
Hans Dorn ![]() Send message Joined: 3 Apr 99 Posts: 2262 Credit: 26,448,570 RAC: 0 ![]() |
I don't believe that anyone would be stupid enough to link his own business to a bogus seti account. Maybe Carsten could clear things up by posting here. Regards Hans P.S: Since he does training courses on his computers, a lot of people could have gotten access to his credentials |
![]() ![]() Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 ![]() |
Maybe Carsten could clear things up by posting here.Yes, that's what I asked him to do when he replied my email. He wrote he did not know how to write viruses. I wrote I'd be very interested in his opinion and explanation, since I assume he had to see the RAC increase. I am just afraid he won't answer anymore. I am temped to call him, but again, I am no official BOINC representant, and it is not my business to make any such investigation. trux BOINC software Freediving Team Czech Republic |
Astro ![]() Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
sounds fishy to me. My opinion is just that...an opinion, and is only based on hearsay evidence posted here. it's subject to change...of course. |
![]() ![]() Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 ![]() |
Since he does training courses on his computers, a lot of people could have gotten access to his credentialsStill, I believe he would certainly notice that he has far too many hosts in his account. And the single case that came out, was almost certainly not the only one. I do not think he did not know what is going on. But I agree I would love to hear from him some reasonable explanation anyway. trux BOINC software Freediving Team Czech Republic |
Ace41690 Send message Joined: 16 Oct 04 Posts: 141 Credit: 665,626 RAC: 0 ![]() |
Something interesting came up on Team Starfire. A Non Seti member had a problem with "setiathome_4.18_windows_intelx86.exe" running in the background and couldn't get rid of it. After doing a lot of searching we found that it was hidden in his system32 folder and the exe was renamed to "wupdmgr1.exe" Someone went to a lot of trouble to hide everything. We found out the user that is getting the credits and his stats are very interesting. http://setiathome.berkeley.edu/team_display.php?teamid=122736 A one user team and ranked 10th in the world. What do you think? Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. |
Astro ![]() Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. This sounds like the normal operation of Boinc installed as a service. |
Ace41690 Send message Joined: 16 Oct 04 Posts: 141 Credit: 665,626 RAC: 0 ![]() |
Umm i dont know if this has anything to do with a virus. But the process on occasion does not terminate for me either. When i exit Boinc and i mean exit NOT minimize, the process is still running. This doesnt happen very often but it does sometimes. But the same thing also happens when im running CPDN, after i exit Boinc the process is still running. I found out about this a while ago but assumed it was just a bug or something so i never said anything. Both the CPDN and Seti processes will terminate if i click "end process" however. But why would it sometimes end and sometimes not? The process usually goes away when i exit Boinc, but on occasion i notice its still running. |
![]() ![]() Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 ![]() |
Umm i dont know if this has anything to do with a virus.Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a Brittish (?) guy got BOINC account of a German guy installed on his PC. In the meantime I received another reply from Giese, briefly telling he has no idea how it happened. He did not explain why he did not react when seeing unknown hosts in his account manager, or the increase in RAC. trux BOINC software Freediving Team Czech Republic |
Astro ![]() Send message Joined: 16 Apr 02 Posts: 8026 Credit: 600,015 RAC: 0 |
I've seen PPAH stay running after boinc shut down, but not any other program. This was 9-12 months ago or so, and I haven't seen it since. I don't know. |
![]() Send message Joined: 3 Apr 99 Posts: 1603 Credit: 2,700,523 RAC: 0 ![]() |
Sure, but what or who are the 'right places' to inform, how to contact them? When the 'right places' start getting hundreds of reports of a program called BOINC mysteriously using 100% of their CPU, how do you think the right places will notice one little e-mail saying 'Hi guys, BOINC is alright, I promise, I wrote it'. The problem is that rumor and conspiracy theory is bigger than and travels faster than, the truth. This thread is already no doubt being indexed by Google. Don't expect someone using the search words 'BOINC virus' to bother with the tiny detail of reading the text, a match will be enough to prove the case. If certain critical mass is reached, there will be 1000s of know-nothings reporting bad news, for every 1 who does know trying to tell the truth. The larger number wins. ![]() |
John McLeod VII Send message Joined: 15 Jul 99 Posts: 24806 Credit: 790,712 RAC: 0 ![]() |
Matt is one of the right people, and I assume that he knows about the problem because he has replied to the thread. Leav it to him. ![]() ![]() BOINC WIKI |
SURVEYOR Send message Joined: 19 Oct 02 Posts: 375 Credit: 608,422 RAC: 0 ![]() |
HIDDEN COMPUTERS Do I need to say more? Fred BOINC Alpha, BOINC Beta, LHC Alpha, Einstein Alpha ![]() ![]() |
![]() ![]() Send message Joined: 15 Apr 99 Posts: 1546 Credit: 3,438,823 RAC: 0 ![]() |
Umm i dont know if this has anything to do with a virus.Yes, I have my doubts about the virus part, but even if it was not installed by a virus, it still does not explain how a Brittish (?) guy got BOINC account of a German guy installed on his PC. Hi Trux (Ivo), :D i totally agree with your point and since your're allready in contact with "Carsten Giese" you could ask him to change his password. ( This would emliminate the abouse if his email accout and his password, but still left the attaching via account key open, but anyhow one chance to get the thing resolved and only one choice left that the "abused" account info is not using the password and email to attach to the project). P.S. you've got my email adress :D ![]() Join BOINC United now! |
![]() Send message Joined: 30 Jul 03 Posts: 7512 Credit: 2,021,148 RAC: 0 ![]() |
I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. From what I understand, Matt is leading the investigation. Account frozen... |
John McLeod VII Send message Joined: 15 Jul 99 Posts: 24806 Credit: 790,712 RAC: 0 ![]() |
I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. Like I said, Matt is one of the devs, and once I say his post, I knew that they were aware of the problem. It is good that they are actively looking into it. ![]() ![]() BOINC WIKI |
![]() ![]() Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
I just got off the phone with Rom Walton, one of the Berkeley Devs. He informed me that they (SSL/project devs) are aware of this situation, and that they are currently investigating it. It will be given their full attention. As I posted 7 hours ago, I mailed both Matt Lebofski and Rom Walton with a link to this thread. So I don't think it's necessary to do anything further, as they are aware of it. "I'm trying to maintain a shred of dignity in this world." - Me ![]() |
![]() ![]() Send message Joined: 8 Oct 04 Posts: 153 Credit: 415,035 RAC: 0 ![]() |
so lets all just wait and see what happens. Something will turn up. Join the team, SETI.USA We are growing and could use your help to overcome SETI.Germany...www.setiusa.net ![]() |
©2025 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.