IMPORTANT: BOINC Trojan Discovered



ShootStraight
02-20-2007, 06:20 PM
From QMC@home forums (http://qah.uni-muenster.de/forum_thread.php?id=406#21165):




"It recently came to the attention of boinc staff that a multi-project cruncher called Wate who occupied a very high position in the boinc and project stats had reached this exalted position by dishonest means.

In early June 2006 he appears to have released onto the internet a link purporting to provide Windows updates including now for Vista. Some 1500 members of the public worldwide downloaded these 'updates' which in fact consisted of a trojan application that downloaded boinc.exe and attached the person's computer to Wate's account, giving him the subsequent fraudulent credits.

About 90% of the people affected appear to have uninstalled or disabled the unwanted boinc installation, but some compromised computers are still running and crashing climate models. Boinc and project staff have no means of contacting the owners of these computers.

The problem came to light when an affected member of the public noticed the heavy drain on his laptop's battery, looked in Task Manager at the running processes, identified boinc and contacted a group of genuine boinc members in Italy.

Carl deleted Wate's cpdn credits last Friday. An unfortunate side-effect of this was that cpdn credits did not update over the weekend. This problem is now sorted. The managers of most of the other projects Wate was attached to have chosen a different course, altering his registration details.

Wate's method of hijacking computers via a dishonest download is one of the classic methods used by spammers.

Boinc staff, the ClimatePrediction programmers and your moderators stress that boinc and project software was never at fault, nor was there ever any breach of Windows XP or Vista security. The dishonest application was Wate's trojan. Boinc and project software were never infiltrated and remain secure.

How can we prevent our own computers being similarly compromised by frauds and spammers?

*Use legitimate software (it is said that half the illegal copies of Windows sold in China come with a virus pre-installed).

*Download updates for your operating system and other programmes via the tools on your computer, not through links in emails or links on web pages.

*Download new programmes only through links on websites you thoroughly trust, or type the address yourself.

*Keep your AV and firewall up-to-date and scan regularly. Install and use malware cleaners such as Spybot and Adaware.

*Look at Task Manager from time to time to see all the running processes on your computer. Right-click on the digital clock and select it. The processes whose names you don't recognise can be identified through a search engine. If you suspect a rogue application, download HijackThis and post your log there. You will be told what can be safely deleted.

*If your computer behaves unexpectedly, post on the forums.


Here is Wate:

http://www.boincstats.com/stats/boinc_user_graph.php?pr=bo&id=873722

http://climateapps2.oucs.ox.ac.uk/cpdnboinc/show_user.php?userid=188887

http://boinc.berkeley.edu/chart_list.php

http://burp.boinc.dk/forum_user_posts.php?userid=100 - appears to be the same member.

This thread can be used for discussion, reprobation and ridicule. And members of other projects are welcome to copy this post to their own forums.

Mo (cpdn)"

Had to know this would happen sooner or later. Still... WOW!

-SS

nn_step
02-20-2007, 06:38 PM
holy :banana::banana::banana::banana:

[XC] gomeler
02-20-2007, 06:38 PM
Good thing he was caught, cheating takes all the fun out of the game.

[XC] 4X4N
02-20-2007, 07:32 PM
Damn, takes a lot of guts to do that. I wonder if he can be prosecuted somehow.

Paladin
02-21-2007, 01:29 AM
DA's are lazy and only pursue sure things that will improve their success ratios (Personal experience). Since the people voluntarily d/l'd & installed the "patches" for what may or may not be legitimate copies of Windoze, there's too much grey area. The DA's office will most likely suggest each person with a complaint seek a civil suit (assuming a name & U.S. address can be linked to the online pseudonym).

Okay, I'm done scoffing at the American justice System... for now.

Movieman
02-21-2007, 01:35 AM
Good thing he was caught, cheating takes all the fun out of the game.
Truer words were never spoken. Cheat and you win diddly..

[XC] riptide
02-21-2007, 03:20 AM
Damn, why didn't I think of that :hide: :D

[XC]thewildblue
02-21-2007, 01:26 PM
It wasn't cheating though, really. The points and science are still valid. It was just an illegal borg session. Very clever really.

STEvil
02-21-2007, 03:22 PM
If he were smart he'd have put a throttle on them so they only ran at 10% or something load.

hmmmmmm........................................... .................. :D



PS - don't do this or I'll beat you up!