Message boards : Number crunching : Trojan used by dishonest BOINC cruncher

River~~

Joined: 13 Jul 05
Posts: 456
Credit: 75,142
RAC: 0
Message 16382 - Posted: 20 Feb 2007, 21:55:49 UTC
Last modified: 20 Feb 2007, 21:56:23 UTC

Saenger (Rosetta) has pointed out this post on the CPDN board:

It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.

In early June 2006 he appears to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits.

About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers.

The problem came to light when an affected member of the public noticed the heavy drain on his laptop's battery, looked in Task Manager at the running processes, identified boinc and contacted a group of genuine boinc members in Italy.

Carl deleted Wate's cpdn credits last Friday. An unfortunate side-effect of this was that cpdn credits did not update over the weekend. This problem is now sorted. The managers of most of the other projects Wate was attached to have chosen a different course, altering his registration details.

Wate's method of hijacking computers via a dishonest download is one of the classic methods used by spammers.

Boinc staff, the ClimatePrediction programmers and your moderators stress that boinc and project software was never at fault, nor was there ever any breach of Windows XP or Vista security. The dishonest application was Wate's trojan. Boinc and project software were never infiltrated and remain secure.

How can we prevent our own computer being similarly compromised by frauds and spammers?

*Use legitimate software (it is said that half the illegal copies of Windows sold in China come with a virus pre-installed).

*Download updates for your operating system and other programmes via the tools on your computer, not through links in emails or links on web pages.

*Download new programmes only through links on websites you thoroughly trust, or type the address yourself.

*Keep your AV and firewall up-to-date and scan regularly. Install and use malware cleaners such as Spybot and Adaware.

*Look at Task Manager from time to time to see all the running processes on your computer. Right-click on the digital clock and select it. The processes whose names you don't recognise can be identified through a search engine. If you suspect a rogue application, download HijackThis and post your log there. You will be told what can be safely deleted.

*If your computer behaves unexpectedly, post on the forums.


Here is Wate:

http://www.boincstats.com/stats/boinc_user_graph.php?pr=bo&id=873722

http://climateapps2.oucs.ox.ac.uk/cpdnboinc/show_user.php?userid=188887

http://boinc.berkeley.edu/chart_list.php

http://burp.boinc.dk/forum_user_posts.php?userid=100 - appears to be the same member.

This thread can be used for discussion, reprobation and ridicule.



R~~
ID: 16382
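The manual check described in the post above (notice boinc in the process list, then work out whose account it is crunching for) can be scripted; this is an added example, not part of the original post and not BOINC project code. The `tasklist /FO CSV` sample and the `client_state.xml` fragment are constructed, the tag layout (`project`, `master_url`, `user_name`) is an assumption about that file, and `EXPECTED_USERS` is a hypothetical allowlist of accounts the machine's owner actually created.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of `tasklist /FO CSV` output (not from a real host).
TASKLIST_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1460","Console","0","18,204 K"
"boinc.exe","2312","Console","0","9,876 K"
'''

# Constructed client_state.xml fragment; the tag layout is an assumption.
CLIENT_STATE_XML = """<client_state>
<project><master_url>http://project-a.example/</master_url>
  <user_name>alice</user_name></project>
<project><master_url>http://project-b.example/</master_url>
  <user_name>someone_else</user_name></project>
</client_state>"""

BOINC_IMAGES = {"boinc.exe", "boincmgr.exe"}  # client and manager images
EXPECTED_USERS = {"alice"}  # hypothetical: accounts the owner created


def boinc_processes(tasklist_csv):
    """Return (image, pid) for each BOINC process in tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return [(r["Image Name"], int(r["PID"]))
            for r in rows if r["Image Name"].lower() in BOINC_IMAGES]


def unexpected_attachments(state_xml, expected_users):
    """Return (project URL, user) pairs not attached to an expected user."""
    findings = []
    for proj in ET.fromstring(state_xml).iter("project"):
        url = (proj.findtext("master_url") or "").strip()
        user = (proj.findtext("user_name") or "").strip()
        if user not in expected_users:
            findings.append((url, user))
    return findings


def triage(tasklist_csv, state_xml, expected_users):
    """Flag a host where BOINC runs for an account the owner did not create."""
    procs = boinc_processes(tasklist_csv)
    odd = unexpected_attachments(state_xml, expected_users)
    return {"running": procs, "unexpected": odd, "suspicious": bool(procs and odd)}


if __name__ == "__main__":
    print(triage(TASKLIST_CSV, CLIENT_STATE_XML, EXPECTED_USERS))
```

On a machine whose owner never installed BOINC, pass an empty set as `expected_users` so that every attachment is reported.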
Philip Martin Kryder

Joined: 21 May 06
Posts: 73
Credit: 8,710
RAC: 0
Message 16383 - Posted: 21 Feb 2007, 7:30:30 UTC - in response to Message 16382.  

Is this why there was such a massive change in BOINC rankings today?
ID: 16383
River~~
Joined: 13 Jul 05
Posts: 456
Credit: 75,142
RAC: 0
Message 16387 - Posted: 21 Feb 2007, 13:26:58 UTC - in response to Message 16383.  

Is this why there was such a massive change in BOINC rankings today?


Non-authoritative answer, based on my understanding of the postings. If you *really* want to know, ask on cpdn in the thread I linked from my first post here.

Teams and Individuals would only have moved up one position on account of this user's credits being withdrawn (cpdn) or obfuscated (other projects).

Hosts would have moved up by around 1500 positions in the host rankings.

The most massive change in BOINC overall rankings will have been due to the fact that CPDN's first attempt to zap this dishonest user resulted in their own stats not going out over the weekend (ie they got it wrong first time, an experience all IT people will sympathise with). So there were effectively four days of CPDN stats that arrived at once, combined with the withdrawal of one b*****d.

What there will have been is a one-off reduction in the total credits across BOINC, with this user's CPDN credits no longer in the totals.

R~~
ID: 16387
Steve Cressman
Joined: 28 Sep 04
Posts: 47
Credit: 6,394
RAC: 0
Message 16389 - Posted: 21 Feb 2007, 18:44:19 UTC

He is not going to have any credits left to brag about. Even Ufluids disabled his account. I think this guy should end up in for unlawful use of other people's computers.

Steve
98SE XP2500+ @ 2.1 GHz Boinc v5.8.8
ID: 16389
pschoefer
Joined: 14 Jul 05
Posts: 21
Credit: 3,248,657
RAC: 0
Message 16603 - Posted: 23 Mar 2007, 12:56:50 UTC
Last modified: 23 Mar 2007, 12:57:34 UTC

@all: STOP RUNNING Predictor@Home!!! Here's what the admin over there wrote:
If someone has installed the boinc client on machines that they do not have permission to that is wrong. I have no way of knowing if this has or hasn't happened. Just because "some guy" posted something on the internet is not good enough reason to take any action against anyone.

ID: 16603
Ocean Archer
Joined: 13 Jul 05
Posts: 143
Credit: 263,300
RAC: 0
Message 16604 - Posted: 23 Mar 2007, 17:32:55 UTC
Last modified: 23 Mar 2007, 17:33:33 UTC

Now - this is silly. The issue was discovered and handled over a month ago. The actions have been repeatedly discussed -- in my mind, there's no further action required.

By the way, if you feel that Predictor@home is doing something wrong - shouldn't you post your concerns on the Predictor boards rather than here ???


If I've lived this long, I've gotta be that old
ID: 16604
Nightbird
Joined: 13 Jul 05
Posts: 55
Credit: 41,230
RAC: 0
Message 16606 - Posted: 23 Mar 2007, 20:46:25 UTC - in response to Message 16604.  
Last modified: 23 Mar 2007, 21:18:08 UTC

Now - this is silly. The issue was discovered and handled over a month ago. The actions have been repeatedly discussed -- in my mind, there's no further action required.

By the way, if you feel that Predictor@home is doing something wrong - shouldn't you post your concerns on the Predictor boards rather than here ???

They're deleting messages and banning people for that.


Do you want to get banned for 31 years, your account and credits deleted at a Boinc project ? Predictor@home is your best choice.
ID: 16606
Logan5@SETI.USA
Joined: 30 Sep 04
Posts: 112
Credit: 104,059
RAC: 0
Message 16608 - Posted: 24 Mar 2007, 2:48:06 UTC

Well, the predictor@home project can do what they please so if banning accounts/deleting posts that criticize their way of (not) handling the Wate cheating scandal is the norm for the way they resolve problems then it's clear what needs to be done....

Vote with your CPU cycles, meaning that if you do not condone the predictor admins' handling of this matter, take your crunchers elsewhere....

What little if any science are they going to get done if they have no one to crunch their WU's?



ID: 16608
Fritz
Joined: 4 Sep 05
Posts: 13
Credit: 512,417
RAC: 0
Message 16610 - Posted: 24 Mar 2007, 11:30:01 UTC

Nightbird

If you read the final message in the thread linked to, you will find that the Admins there banned 2 people for posting false accusations. They also state that where there is no evidence they cannot assume a breaking of the rules. That seems to be fair enough.

I haven't looked at their message board rules, but if there is mention of posting false or unsupported info that harms, or is intended to harm, another user, that would justify the 2 banishments mentioned.

If Admins there declared the matter closed and asked that new threads beating this dead horse not be created, then it would be well within their rights to delete threads as they appear, again haven't looked for this, but they have stated that they are dealing with the person who has been proven to have violated their rules and from the Admin's comments & pschoefer's complaint they are containing the issue in a manner they deem best.
ID: 16610
Ariel
Joined: 7 Mar 07
Posts: 59
Credit: 7,906
RAC: 0
Message 16611 - Posted: 24 Mar 2007, 18:34:30 UTC - in response to Message 16610.  
Last modified: 24 Mar 2007, 18:50:06 UTC

...the Admins there banned 2 people for posting false accusations.

...[Re:] rules ... there is mention of posting false or unsupported info that harms, or is intended to harm.

Who gets to decide what constitutes a "false accusation"? If the Admins feel "harmed" by an accusation, I suppose they can conspicuously deem it "false" and invoke their convenient rule.

It seems that the Admins have a monopoly on truth and "un-truth". I believe this is "un-good" (to use Orwellian New Speak.) If this really were the case, we wouldn't need discussion forums at all; we could just ask The Admins and get the truth.

Well, Big Brother, I think I'll take leave of your dystopia.

Signed: A former preditor@home participant.



Ariel: Certified "Too Cute for LHC" Cruncher!


. . . . . . . . . . . . -- Consider the lilies.
ID: 16611
Nightbird
Joined: 13 Jul 05
Posts: 55
Credit: 41,230
RAC: 0
Message 16613 - Posted: 24 Mar 2007, 20:10:48 UTC - in response to Message 16610.  
Last modified: 24 Mar 2007, 20:14:20 UTC

Nightbird

If you read the final message in the thread linked to, you will find that the Admins there banned 2 people for posting false accusations. They also state that where there is no evidence they cannot assume a breaking of the rules. That seems to be fair enough.

I haven't looked at their message board rules, but if there is mention of posting false or unsupported info that harms, or is intended to harm, another user, that would justify the 2 banishments mentioned.

If Admins there declared the matter closed and asked that new threads beating this dead horse not be created, then it would be well within their rights to delete threads as they appear, again haven't looked for this, but they have stated that they are dealing with the person who has been proven to have violated their rules and from the Admin's comments & pschoefer's complaint they are containing the issue in a manner they deem best.

Sure they try to contain complaints...banning people until 2038 or blocking whole IP ranges...


Do you want to get banned for 31 years, your account and credits deleted at a Boinc project ? Predictor@home is your best choice.
ID: 16613
Misfit
Joined: 27 Aug 05
Posts: 55
Credit: 8,216
RAC: 0
Message 16621 - Posted: 25 Mar 2007, 22:33:44 UTC

Click here to vote for my Predictor profile! :-)
Vote recommend and vote often!

Join the Banned for Life team!
me@rescam.org
ID: 16621
John McLeod VII
Joined: 2 Sep 04
Posts: 165
Credit: 146,925
RAC: 0
Message 16625 - Posted: 26 Mar 2007, 2:25:21 UTC

BTW, from what I understand, and this is not well substantiated, it is over 20 people that have been banned. I believe many more have quit processing there because of this.


BOINC WIKI
ID: 16625
Fritz
Joined: 4 Sep 05
Posts: 13
Credit: 512,417
RAC: 0
Message 16626 - Posted: 26 Mar 2007, 5:27:42 UTC

Grrr I was really out of it when I posted that last. My thoughts on the matter are the same, but here is the real text from that post. The mistakes I put in the last post are fair evidence of why the mob should not go on a rampage before doing some fact checking.

<quote>This thread is closed. Please do not create a new one.

Since this thread was first created I have deleted two other threads incorrectly accusing volunteers of cheating.

If someone has installed the boinc client on machines that they do not have permission to that is wrong. I have no way of knowing if this has or hasn't happened. Just because "some guy" posted something on the internet is not good enough reason to take any action against anyone.

dlb</quote>

The major complaints I keep seeing are "I started a new thread discussing Wate and it was deleted". Not surprising since they asked that people treat the problem as handled & get on with their lives.

As for false accusations, their final statement says it well; "Just because "some guy" posted something on the internet is not good enough reason to take any action against anyone"

One of those banned said he had 7 new threads deleted ... maybe the Admins just got tired of swatting flies and put up screens.
ID: 16626
Ariel
Joined: 7 Mar 07
Posts: 59
Credit: 7,906
RAC: 0
Message 16629 - Posted: 26 Mar 2007, 18:12:17 UTC
Last modified: 26 Mar 2007, 18:23:45 UTC

In regards to this issue, Dagorath is on fire!... but this time the heat is hitting dead center!!

His words are precisely on target and I couldn't agree more. Good thing he wasn't banned for the infamous flame-throwing in the renamed "Flame Fest 2007". Ironically, I disagree with nearly everything he said in that thread (a.k.a "Fairer distribution of work") but it was lots of fun.

You have a hot head Dagorath, but it often thinks well.




Ariel: Certified "Too Cute for LHC" Cruncher!


. . . . . . . . . . . . -- Consider the lilies.
ID: 16629
Toby
Joined: 1 Sep 04
Posts: 137
Credit: 956,385
RAC: 0
Message 16633 - Posted: 27 Mar 2007, 5:06:45 UTC

Plus this is not the first report of censorship and senseless bannings I have heard from Predictor. Several of our team members stopped crunching Predictor back in the fall of 2006 because one of our members was banned for bringing up some perfectly legitimate concerns. No spamming, no flames - just questions. I haven't spent enough time researching it all but the evidence certainly seems to be stacking up against the Predictor project...
- A member of The Knights Who Say NI!
My BOINC stats site
ID: 16633
Da Phoole
Joined: 25 Feb 07
Posts: 11
Credit: 7,956
RAC: 0
Message 16634 - Posted: 27 Mar 2007, 8:05:57 UTC

There may be some movement on this issue at Predictor.
According to the QMC Forum, Mr. Braun has frozen the account.
ID: 16634


©2020 CERN