Unauthorized Installs of SETI@Home (Virus Alert)

Moderator: News Team

Post Reply
Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Unauthorized Installs of SETI@Home (Virus Alert)

Post by Derek »

SETI@Home wrote:Over the past few weeks we've been getting reports from users who found unauthorized installations of SETI@home on their systems. It should be made clear that this is not due to a security flaw in SETI@home itself, but a flaw in your system that allows viruses to infiltrate and install our software. As well, this seems to be only a problem for people using Windows operating systems.

In one case, a user found a Windows command line client running under the name "cpuidle" in the directory:


D:\WINDOWS\system32\drivers\etc\CPUIDLE

There is a real program out there called "cpuidle" - this particular infection was running SETI@home under this same name to confuse the user into thinking it was the valid "cpuidle" and not a fake one.

Another user claimed that they got infected this way over an IRC channel.

In the past, known worms were distributed around the internet that infected systems, causing them to download SETI@home and execute it. For example, we already know about this one from back in 2001:

http://securityresponse.symantec.com/av ... yd@mm.html

Unfortunately, at this time we don't know much about the worm/virus which may be doing this. If you have any clues, please pass them along to us. We'll update this web page as we gather more information.
:arrow: http://setiathome.ssl.berkeley.edu/virus.html

So don't worry about SETIsyou installed, but keep an eye out for SETIs you didn't install :)

Derek
Derek
Site Admin
Posts: 2489
Joined: Tue Jul 23, 2002 3:55 pm
Location: Canada
Contact:

Post by Derek »

How could I forget to thank David (24seven) for sending me the link.

Thanks David!
-Derek
kuun
Post-O-Matic
Posts: 1566
Joined: Sat Nov 02, 2002 5:26 pm
Location: Tennessee
Contact:

Post by kuun »

hehe

derek and his memory (about as good as fried SDRAM) :P

thanks mates...

my secret is out.. i was gonna go infect a million computers and have them turn in 15 WU's each and then delete themselves >:|

arses :P
!!! WARNING !!!
The following forums: www.bp6.com
are infected with the following VIRUS(s): Kuun.infected.all.posts.Win2K.user

The following IRC servers has been exploited: irc.bp6.com
with the Following Exploit: Kuun.lurks.using.mIRC.v5.82.exploit
HAL6000
SETI Guru
Posts: 246
Joined: Wed Jul 24, 2002 7:11 pm
Location: Bloomfield, NJ U.S.A.
Contact:

Post by HAL6000 »

I am not going to say I never thought of doing something like this :roll:
Post Reply