Trojan boinc installation by rogue member

Saenger
Joined: 15 Feb 05
Posts: 403
Credit: 25,168,257
RAC: 9,049
Topic 192463

I just found this post on the CPDN board:

The person in question is Wate, who is crunching (and abusing others) here as well. Is there anything being done about him/her?

Quote:

It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.

In early June 2006 he appears to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits.

About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers.

The problem came to light when an affected member of the public noticed the heavy drain on his laptop's battery, looked in Task Manager at the running processes, identified boinc and contacted a group of genuine boinc members in Italy.

Carl deleted Wate's cpdn credits last Friday. An unfortunate side-effect of this was that cpdn credits did not update over the weekend. This problem is now sorted. The managers of most of the other projects Wate was attached to have chosen a different course, altering his registration details.

Wate's method of hijacking computers via a dishonest download is one of the classic methods used by spammers.

Boinc staff, the ClimatePrediction programmers and your moderators stress that boinc and project software was never at fault, nor was there ever any breach of Windows XP or Vista security. The dishonest application was Wate's trojan. Boinc and project software were never infiltrated and remain secure.

How can we prevent our own computer being similarly compromised by frauds and spammers?

*Use legitimate software (it is said that half the illegal copies of Windows sold in China come with a virus pre-installed).

*Download updates for your operating system and other programmes via the tools on your computer, not through links in emails or links on web pages.

*Download new programmes only through links on websites you thoroughly trust, or type the address yourself.

*Keep your AV and firewall up-to-date and scan regularly. Install and use malware cleaners such as Spybot and Adaware.

*Look at Task Manager from time to time to see all the running processes on your computer. Right-click on the digital clock and select it. The processes whose names you don't recognise can be identified through a search engine. If you suspect a rogue application, download HijackThis and post your log there. You will be told what can be safely deleted.

*If your computer behaves unexpectedly, post on the forums.

Here is Wate:

http://www.boincstats.com/stats/boinc_user_graph.php?pr=bo&id=873722

http://climateapps2.oucs.ox.ac.uk/cpdnboinc/show_user.php?userid=188887

http://boinc.berkeley.edu/chart_list.php

http://burp.boinc.dk/forum_user_posts.php?userid=100 - appears to be the same member.

This thread can be used for discussion, reprobation and ridicule.


Greetings from Sänger
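The quoted notice says the trojan attached each victim's computer to Wate's account. As an added example (not part of this thread and not BOINC's own code), the sketch below lists which account a BOINC client is attached to and flags any the machine's owner did not set up. It assumes the client's `client_state.xml` holds `<project>` entries with `master_url`, `project_name`, `user_name` and `userid`; the sample data and account names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real client_state.xml. The element names
# (project, master_url, project_name, user_name, userid) are assumed
# from the BOINC client's state file layout.
SAMPLE_STATE = """<client_state>
  <project>
    <master_url>http://project-a.example/</master_url>
    <project_name>Project A</project_name>
    <user_name>alice</user_name>
    <userid>1001</userid>
  </project>
  <project>
    <master_url>http://project-b.example/</master_url>
    <project_name>Project B</project_name>
    <user_name>someone-else</user_name>
    <userid>2002</userid>
  </project>
</client_state>"""

FIELDS = ("master_url", "project_name", "user_name", "userid")


def attached_accounts(state_xml):
    """Return one dict per project this client is attached to."""
    root = ET.fromstring(state_xml)
    return [{f: (p.findtext(f) or "").strip() for f in FIELDS}
            for p in root.findall("project")]


def unexpected_attachments(state_xml, my_accounts):
    """Flag attachments whose (url, user) pair the owner does not recognise."""
    known = {(u.rstrip("/").lower(), n.lower()) for u, n in my_accounts}
    flagged = []
    for row in attached_accounts(state_xml):
        key = (row["master_url"].rstrip("/").lower(), row["user_name"].lower())
        # An empty user name cannot be confirmed, so it is flagged too.
        if not row["user_name"] or key not in known:
            flagged.append(row)
    return flagged


if __name__ == "__main__":
    mine = {("http://project-a.example", "alice")}
    for row in unexpected_attachments(SAMPLE_STATE, mine):
        print("unexpected attachment:", row)
```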

astro-marwil
Joined: 28 May 05
Posts: 438
Credit: 156,758,708
RAC: 33,063

Trojan boinc installation by rogue member

This seems to me a very important hint. I hope the server crew will have an eye on that after they have solved the problems there are. But they are on a very promising path now. Within a few hours today my list of pending files was shrinking by about 20%!

Mike Hewson
Moderator
Joined: 1 Dec 05
Posts: 6,124
Credit: 126,275,595
RAC: 22,824

Hmmmm.... Thanks for bringing that up.
An automatic service type install?
Odd fellow, and a thief too.
Sigh .... where there's a will there's a way... :-(

Cheers, Mike.

I have made this letter longer than usual because I lack the time to make it shorter. Blaise Pascal

Bruce Allen
Moderator
Joined: 15 Oct 04
Posts: 1,109
Credit: 172,125,663
RAC: 0

I'm looking into this.

Bruce

Director, Einstein@Home

Constantinos
Joined: 16 May 05
Posts: 39
Credit: 938,513
RAC: 0

RE: I'm looking into

Message 61074 in response to message 61073

Quote:

I'm looking into this.

Bruce

GOOD FOR YOU!

Gravity increases significantly in Autumn, because apples fall in large numbers during that time!

Constantinos
Joined: 16 May 05
Posts: 39
Credit: 938,513
RAC: 0

RE: I'm looking into

Message 61075 in response to message 61073

Quote:

I'm looking into this.

Bruce

AND BETTER FOR US!

Gravity increases significantly in Autumn, because apples fall in large numbers during that time!

Arion
Joined: 20 Mar 05
Posts: 147
Credit: 1,626,747
RAC: 0

RE: I'm looking into

Message 61076 in response to message 61073

Quote:

I'm looking into this.

Bruce

I wasn't going to say anything about this mostly since it seems that there's always a cheater(s). We went through this a few years ago with Seti Classic. The main reason for moving to boinc was to prevent things like that from happening as well as to open up distributed computing.

After following the conversation on the other projects seeing the extent of this and how it was propagated, ANYONE who could possibly help track this guy down and have him prosecuted would send a message that this isn't tolerated by the projects, the general computing public and those of us who dedicate our resources to these projects. The damage this person has done to the reputation of the projects involved is probably irreparable.

Just my 2 cents worth.

Wurgl (speak^Wcrunching for Special: Off-Topic)
Joined: 11 Feb 05
Posts: 321
Credit: 140,550,008
RAC: 0

RE: After following the

Message 61077 in response to message 61076

Quote:

After following the conversation on the other projects seeing the extent of this and how it was propagated, ANYONE who could possibly help track this guy down and have him prosecuted would send a message that this isn't tolerated by the projects, the general computing public and those of us who dedicate our resources to these projects. The damage this person has done to the reputation of the projects involved is probably irreparable.

I really do not understand what you mean with the damage of the reputation?

It was a user who hijacked machines, it was not any project.

Boinc was in the news, at least here in Germany: Link in German language. And this link brought my team 4 new users. You know that saying "Bad news is good news".

Annika
Joined: 8 Aug 06
Posts: 720
Credit: 494,410
RAC: 0

This is really lame, hijacking other machines just to get more credit. Plus the guy got busted by an absolute noob mistake... why on earth did he leave BOINC running when the PC was on batteries? Hell, that's not even a default setting... I dunno if I should be angry at the guy or just laugh.
Of course I was also worried about the effect this would have on the reputation of BOINC in general. I feared it might discredit the projects, who did nothing wrong but might receive a kind of "negative press echo" about this. But as Wurgl has said, maybe it's not that bad after all... two of my fellow students working on our "IT security project" today heard about BOINC for the first time. So we'll see what the future brings. I sure hope Einstein and BOINC won't have to suffer from Wate's pathetic actions, and most of us honest crunchers here certainly agree with that...

So, keep on crunching, everyone!

Steve Cressman
Joined: 9 Feb 05
Posts: 104
Credit: 139,654
RAC: 0

Wate belongs in and everything that can be done to put him there should be done. After all a crime has been committed.

Steve

98SE XP2500+ @ 2.1 GHz Boinc v5.8.8

Arion
Joined: 20 Mar 05
Posts: 147
Credit: 1,626,747
RAC: 0

Message 61080 in response to message 61077

Quote:

I really do not understand what you mean with the damage of the reputation?

It was a user who hijacked machines, it was not any project.
