Rogue boinc member

A place for general comments and chit-chat.
Post Reply
mo.v
Established Member
Posts: 110
Joined: Mon Feb 19, 2007 7:31 pm
Location: Portsmouth UK

Rogue boinc member

Post by mo.v » Tue Feb 20, 2007 8:49 pm

I'm copying here my announcement on the cpdn forums and the boinc_dev forum because of the implications for crunchers in general and stats watchers in particular. Sänger has copied the post to the forums of other boinc projects affected.

---------------------------------------------------------------------------------
It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.

In early June 2006 he appears to to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits.

About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers.

The problem came to light when an affected member of the public noticed the heavy drain on his laptop's battery, looked in Task Manager at the running processes, identified boinc and contacted a group of genuine boinc members in Italy.

Carl deleted Wate's cpdn credits last Friday. An unfortunate side-effect of this was that cpdn credits did not update over the weekend. This problem is now sorted. The managers of most of the other projects Wate was attached to have chosen a different course, altering his registration details.

Wate's method of hijacking computers via a dishonest download is one of the classic methods used by spammers.

Boinc staff, the ClimatePrediction programmers and your moderators stress that boinc and project software was never at fault, nor was there ever any breach of Windows XP or Vista security. The dishonest application was Wate's trojan. Boinc and project software were never infiltrated and remain secure.

How can we prevent our own computer being similarly compromised by frauds and spammers?

*Use legitimate software (it is said that half the illegal copies of Windows sold in China come with a virus pre-installed).

*Download updates for your operating system and other programmes via the tools on your computer, not through links in emails or links on web pages.

*Download new programmes only through links on websites you thoroughly trust, or type the address yourself.

*Keep your AV and firewall up-to-date and scan regularly. Install and use malware cleaners such as Spybot and Adaware.

*Look at Task Manager from time to time to see all the running processes on your computer. Right-click on the digital clock and select it. The processes whose names you don't recognise can be identified through a search engine. If you suspect a rogue application, download HijackThis and post your log there. You will be told what can be safely deleted.

*If your computer behaves unexpectedly, post on the forums.


Here is Wate:

http://www.boincstats.com/stats/boinc_u ... &id=873722

http://climateapps2.oucs.ox.ac.uk/cpdnb ... rid=188887

http://boinc.berkeley.edu/chart_list.php

http://burp.boinc.dk/forum_user_posts.php?userid=100 - appears to be the same member.

Anyone who wishes to copy this post to other stats or team forums is welcome to do so. The feeling at cpdn is that it's best for all boinc members to be aware of what has happened.

Mo

Post Reply