ASTEROIDSATHOME.NET distributing trojans?

HausGeist

Joined: 6 Jul 20
Posts: 1
Germany
Message 99643 - Posted: 6 Jul 2020, 6:29:20 UTC

For some days (almost weeks) my BOINC client has not been able to get work done for ASTEROIDSATHOME.NET.
Now access to their web page is even blocked by Malwarebytes because it distributes a trojan!?!?!
Can someone from BOINC please check and, in case this is true, block this project in the interest of safety?




Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Datum des Schutzereignisses: 06.07.20
Uhrzeit des Schutzereignisses: 07:53
Protokolldatei: 1651a9a0-bf4d-11ea-b70f-a85e45cdcfcf.json

-Softwaredaten-
Version: 4.1.0.56
Komponentenversion: 1.0.955
Version des Aktualisierungspakets: 1.0.26457
Lizenz: Premium

-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, C:\Program Files\BOINC\boinc.exe, Blockiert, -1, -1, 0.0.0

-Website-Daten-
Kategorie: Trojaner
Domäne: asteroidsathome.net
IP-Adresse: 89.29.55.30
Port: 80
Typ: Ausgehend
Datei: C:\Program Files\BOINC\boinc.exe
(end)
ID: 99643 · Report as offensive
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 14630
Netherlands
Message 99659 - Posted: 6 Jul 2020, 20:10:13 UTC - in response to Message 99643.  

I tried to get to the Asteroids website and I cannot, it's down for me. So whatever happened to it, someone over there seems to have taken notice and taken it down.
ID: 99659 · Report as offensive
brett5355

Joined: 31 Mar 19
Posts: 8
United States
Message 99725 - Posted: 8 Jul 2020, 9:53:24 UTC - in response to Message 99643.  

Same thing here.
I can't upload or report finished projects.

MalwarebytesPREMIUM
Website blocked due to a Trojan
Your Malwarebytes Premium blocked this website because it may contain a Trojan.

We strongly recommend you do not continue.

https://block.malwarebytes.com/?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4.1.0.56&cpv=1.0.955&upv=1.0.26569&ldr=260&ip=89.29.55.30&url=asteroidsathome.net
ID: 99725 · Report as offensive
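Added example (not part of any post in this thread): a short Python triage of the two artefacts posted above, the Malwarebytes report from the first message and the block-page URL from this one. It shows that both describe the same outbound connection block on boinc.exe rather than a detection in a downloaded file; the English field names and the function names are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Excerpt of the report pasted in the first post (German-language export).
REPORT = """\
-Einzelheiten zu blockierten Websites-
Bösartige Website: 1

-Website-Daten-
Kategorie: Trojaner
Domäne: asteroidsathome.net
IP-Adresse: 89.29.55.30
Port: 80
Typ: Ausgehend
Datei: C:\\Program Files\\BOINC\\boinc.exe
"""

# Block-page URL as posted in the message above.
BLOCK_URL = ("https://block.malwarebytes.com/?lic=Licensed&cat=Trojan&lang=en"
             "&prod=MBAM-C&ver=4.1.0.56&cpv=1.0.955&upv=1.0.26569&ldr=260"
             "&ip=89.29.55.30&url=asteroidsathome.net")

# Assumption: this example's own English names for the German report keys.
KEYS = {"Kategorie": "category", "Domäne": "domain", "IP-Adresse": "ip",
        "Port": "port", "Typ": "direction", "Datei": "process"}

def parse_report(text):
    """Return the fields of the '-Website-Daten-' section as a dict."""
    fields, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-") and line.endswith("-"):   # section header
            in_section = line == "-Website-Daten-"
            continue
        key, sep, value = line.partition(":")   # first colon only (C:\ paths)
        if in_section and sep and key in KEYS:
            fields[KEYS[key]] = value.strip()
    return fields

def parse_block_url(url):
    """Pull category, IP and domain out of the block-page query string."""
    q = parse_qs(urlsplit(url).query)
    return {"category": q["cat"][0], "ip": q["ip"][0], "domain": q["url"][0]}

def triage(report, block):
    """Summarise what was blocked and whether both artefacts name one target."""
    return {
        # Port and direction describe a connection, so the event is treated
        # as a network block rather than a file detection.
        "kind": "network-block" if report.get("port") and report.get("direction") else "unknown",
        "outbound": report.get("direction") == "Ausgehend",
        "process": report.get("process", "").rsplit("\\", 1)[-1],
        "same_target": (report.get("domain"), report.get("ip")) == (block["domain"], block["ip"]),
    }
```

Calling `triage(parse_report(REPORT), parse_block_url(BLOCK_URL))` reports a network block on an outbound connection made by boinc.exe, with both artefacts pointing at the same domain and IP address.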
Dave
Joined: 28 Jun 10
Posts: 1381
United Kingdom
Message 99729 - Posted: 8 Jul 2020, 11:03:08 UTC - in response to Message 99725.  
Last modified: 8 Jul 2020, 11:06:43 UTC

Same thing here.
I can't upload or report finished projects.

MalwarebytesPREMIUM
Website blocked due to a Trojan
Your Malwarebytes Premium blocked this website because it may contain a Trojan.

We strongly recommend you do not continue.

https://block.malwarebytes.com/?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4.1.0.56&cpv=1.0.955&upv=1.0.26569&ldr=260&ip=89.29.55.30&url=asteroidsathome.net


And unsurprisingly, from my Linux machines I can access the site without problems.

Edit: according to the message boards there, VirusTotal is also reporting an issue, but all other virus checkers are clear.
ID: 99729 · Report as offensive
brett5355

Joined: 31 Mar 19
Posts: 8
United States
Message 99776 - Posted: 9 Jul 2020, 9:34:04 UTC - in response to Message 99725.  

Still getting the trojan message.
I am going to delete this project until someone says it is all clear.
ID: 99776 · Report as offensive
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 14630
Netherlands
Message 99780 - Posted: 9 Jul 2020, 10:02:00 UTC - in response to Message 99776.  

Because it couldn't possibly be a false positive generated by Malwarebytes?
https://asteroidsathome.net/: https://www.virustotal.com/gui/url/a48bb9dfddfd1e8ef36032951398a32ee78521b3ae74d0efc34bb3ee3ae9645f/detection
https://asteroidsathome.net/boinc/index.php: https://www.virustotal.com/gui/url/517b482d556fb9b1d58b1082838716b4d511c12c1082f97aa2221092ffb0842f/detection

If 70 sites (including Malwarebytes) deem the links clean, then what?
ID: 99780 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Joined: 5 Oct 06
Posts: 4498
United Kingdom
Message 99784 - Posted: 9 Jul 2020, 10:44:14 UTC

I've also got a machine with Malwarebytes Premium, which I use to test potentially dodgy sites. That blocks Asteroids@Home, too, but unhelpfully simply reports "a trojan", with no diagnostic information.

The link on the BOINC projects page takes you to http://asteroidsathome.net/boinc/, which seems clean, but there is also a home page, http://asteroidsathome.net/

That home page contains source links

<a href="http://astro.troja.mff.cuni.cz/projects/asteroids3D">DAMIT database</a>
<a href="http://astro.troja.mff.cuni.cz/index_en.html">Astronomical Institute</a>
Could they be the source of the problem? I'm not going to visit those pages myself, but I may be able to refer them to Malwarebytes for further inspection.
ID: 99784 · Report as offensive
Dave
Joined: 28 Jun 10
Posts: 1381
United Kingdom
Message 99785 - Posted: 9 Jul 2020, 10:56:33 UTC - in response to Message 99776.  

Still getting the trojan message.
I am going to delete this project until someone says it is all clear.


Between the various projects that send out work for BOINC, there are millions of lines of code. CPDN for instance has a few million on its own between the different task types. Statistically, the odds are high that several times a year, one or more projects will throw a false positive on one or more of the virus checkers/anti malware programs. This is because they work by matching code segments between the malicious software and the software being checked out. If a long enough segment of code produces an exact match it is thrown up as a false positive even though in the context of the task software it is completely innocent. Until a sufficient number of users report it as a false positive, it keeps being flagged as a problem or potential problem.

Many projects have had this happen over the years. If I were running Windows, I would exclude the BOINC data directory from the scans because I trust the projects I run. If you don't trust a project sufficiently to do this, should you be running it in the first place?
ID: 99785 · Report as offensive
Richard Haselgrove
Volunteer tester
Help desk expert

Joined: 5 Oct 06
Posts: 4498
United Kingdom
Message 99786 - Posted: 9 Jul 2020, 10:58:07 UTC - in response to Message 99785.  
Last modified: 9 Jul 2020, 11:43:25 UTC

I'm not trying to access downloaded data - I'm trying to access a website.

And now I've followed the rather convoluted procedure for raising a support ticket with Malwarebytes. I'll let you know what they say.
ID: 99786 · Report as offensive
ProDigit

Joined: 8 Nov 19
Posts: 633
United States
Message 99838 - Posted: 10 Jul 2020, 5:29:36 UTC
Last modified: 10 Jul 2020, 5:30:09 UTC

Asteroids for a while has been suffering from low disk space. Their servers regularly are inaccessible.
Processed WUs are being queued, to the point of timing out.
I have halted this project, as their only running server is the one assigning new WUs (the server receiving them is offline, as well as their forum website).

I myself haven't seen any viruses coming from it.
However, the forum (when it was running) was never backed by proper admins.
I've never seen the leaders of the project interact with the forum members.

That Asteroids sent you a trojan is very unusual. It may be triggered as a false positive.
Either way, it's best to halt the project, until they're up and running again!
They made wonderful WUs for GPU computing!
ID: 99838 · Report as offensive
Jan Henrik
Joined: 5 Jul 20
Posts: 9
Message 99842 - Posted: 10 Jul 2020, 7:06:48 UTC - in response to Message 99786.  

I'm not trying to access downloaded data - I'm trying to access a website.

And now I've followed the rather convoluted procedure for raising a support ticket with Malwarebytes. I'll let you know what they say.


Well thank you and let's park the trojan-or-not for a minute.


1.) wasted volunteer computing:

Someone talked completely past the message board,
opened a "server outage resolved"-thread,
restarted the servers and achieved: mostly nothing.

Since then that thread alone counts 71 posts that boincers still can't upload the completed tasks!
And yet again the same as for many weeks before: they're all talking to an empty space!
That message board is ignored and therefore a useless fake!

And: all these tasks are mostly expired by now so: THE PROJECT WASTED ALL THAT CRUNCHING!


2.) unattended site/servers free to raid:


I admire the spirit of running a project alone with the little resources available.

Unfortunately; is that secure nowadays?

Displaying a site/server as unattended for weeks and therefore free to raid?


What does that lead to?

As we have seen with another project:

Trolls started spamming the message boards, and that looks like that University spamming.


The bigger picture:

Projects, volunteer computing, citizen science and such;

appear to be spamming, spreading trojans and wasting volunteer contribution.



How much of this IS accidental or intended assault on reputation doesn't even make a difference.

The result is the same shame. There goes the neighborhood.



[The Old Man recommends: Wake Up! Change Grasp!]







{log entry: snapshot_entropy sample | class_somnambully}
"less than a pixel"
ID: 99842 · Report as offensive
Dave
Joined: 28 Jun 10
Posts: 1381
United Kingdom
Message 99843 - Posted: 10 Jul 2020, 11:15:57 UTC

The bigger picture:
Projects, volunteer computing, citizen science and such;
appear to be spamming, spreading trojans and wasting volunteer contribution.


I see no evidence for such a generalisation.
ID: 99843 · Report as offensive
Jan Henrik
Joined: 5 Jul 20
Posts: 9
Message 99855 - Posted: 10 Jul 2020, 19:55:09 UTC - in response to Message 99843.  

I see no evidence for such a generalisation.


that's fine, you don't have to
________________________________

and apologies for the typo (now around 50 posts in that thread)

yet as of this timestamp the 3 essentials didn't change;

1.) upload still not working

2.) message board ignored and therefore useless

3.) crunching wasted

in my case 754 tasks which were completed more than a week ago

tried like all the others to upload since then and are now expired
"less than a pixel"
ID: 99855 · Report as offensive
teaustin

Joined: 14 Jul 20
Posts: 1
Message 99948 - Posted: 14 Jul 2020, 17:55:14 UTC

I still get a statement that the site is blocked because of an outgoing Trojan Horse. Tried to get through on the site but the whole site is blocked. What a pain.
ID: 99948 · Report as offensive
zardon409

Joined: 28 Nov 18
Posts: 8
United States
Message 99957 - Posted: 14 Jul 2020, 21:32:11 UTC - in response to Message 99784.  

Btw, troja means three in Czech, according to Google Translate.
ID: 99957 · Report as offensive
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 14630
Netherlands
Message 99958 - Posted: 14 Jul 2020, 21:36:52 UTC - in response to Message 99842.  
Last modified: 14 Jul 2020, 21:38:33 UTC

The bigger picture:

Projects, volunteer computing, citizen science and such;

appear to be spamming, spreading trojans and wasting volunteer contribution.
So just because one project doesn't do what is considered normal, you generalize and throw all projects under the bus. Because I'm sure you can put some evidence down on your claim that "projects" (plural) are spamming and spreading Trojans? (And it's still only Malwarebytes that gives this problem, none of the myriad of other AV/AM options does, which makes it in my opinion still a false positive from Malwarebytes)

Btw, the easiest thing to do is just leave a project that does these things this way. An admin will notice a lack of hungry computers earlier than posts on his own forums.
ID: 99958 · Report as offensive
zardon409

Joined: 28 Nov 18
Posts: 8
United States
Message 99959 - Posted: 14 Jul 2020, 22:43:19 UTC - in response to Message 99784.  

And doing further research, I found that cuni.cz is the website of Univerzita Karlova and mff.cuni.cz is CUNI MFF | Faculty of Mathematics and Physics.

I sent an email to mff@mff.cuni.cz. Maybe it would help if others did the same, or sent emails to sdek@dekanat.mff.cuni.cz, the secretary's office.
ID: 99959 · Report as offensive
Steven Gaber

Joined: 28 Jun 20
Posts: 33
United States
Message 99964 - Posted: 15 Jul 2020, 5:24:51 UTC - in response to Message 99784.  
Last modified: 15 Jul 2020, 5:26:38 UTC

My Malwarebytes Premium also blocked my access to my asteroids account, saying it had a Trojan and that it was also not on my list of exceptions.

Thinking the latter was why I had no access, I did put on the exceptions list. Eventually I could get access to my account and the home page, only for a few days. Didn't get any new tasks, but had several tasks "uploading" for weeks. They're still "uploading," but I can't even get to the home page or anything else from the project.

Somebody should inform the sponsor, Charles University in Prague, that their project is having a little trouble.

Steven Gaber
Oldsmar, FL
ID: 99964 · Report as offensive
Steven Gaber

Joined: 28 Jun 20
Posts: 33
United States
Message 99966 - Posted: 15 Jul 2020, 6:18:26 UTC - in response to Message 99959.  

And doing further research, I found that cuni.cz is the website of Univerzita Karlova and mff.cuni.cz is CUNI MFF | Faculty of Mathematics and Physics.
I sent an email to mff@mff.cuni.cz. Maybe it would help if others did the same, or sent emails to sdek@dekanat.mff.cuni.cz, the secretary's office.


I followed up on zardon409's suggestion and wrote the following email to Charles University at the address in his post. It reads as follows:
"Sirs:
You may be aware that Charles University is the sponsor of the distributed computing project Asteroids@Home, one of the worldwide Berkeley Open Infrastructure for Network Computing (BOINC) projects.

But the project is in trouble. The Asteroids.net site has been blocked by security programs for having a Trojan virus.
Thousands of people who are participating in the Asteroids@Home project have been unable to access the project home page, log onto their accounts or upload completed tasks or get any new tasks.

Some of these people have hundreds of completed Asteroids@Home tasks that they are unable to upload to the project. This has been going on for weeks.

The project leader, or at least its contact person, Radim Vanco, has been unreachable.

For several years, Asteroids@Home has had many problems, commonly with server outages and equipment malfunctions, etc. We whose computers contribute to the project have attributed these problems to under-funding, overwork of the project manager and general lack of support from the University. We always waited till the problems were solved.

But the latest outage has been going on too long. People are becoming angry and many are abandoning the project.
This is a shame, because Asteroids@Home is an interesting project that is doing valuable research and making real contributions to science.

I also fear it reflects badly on your fine university.
Also, we worry about Radim Vanco. Is he not well or just overworked?

If there is any way that you could check on the project and investigate these difficulties, the thousands of Asteroids@Home volunteers would be grateful. We would like to be able to resume processing Asteroids@Home project data and allow it to continue making discoveries for the advancement of astronomy and physics.
 
Sincerely, 
Steven Gaber
Oldsmar, Florida USA"
ID: 99966 · Report as offensive
Jan Henrik
Joined: 5 Jul 20
Posts: 9
Message 99977 - Posted: 15 Jul 2020, 11:29:55 UTC - in response to Message 99958.  

first of all: thanks to Steven for the email-effort and let's hope Radim Vanco is ok!


So just because one project doesn't do what is considered normal, you generalize and throw all projects under the bus. Because I'm sure you can put some evidence down on your claim that "projects" (plural) are spamming and spreading Trojans? (And it's still only Malwarebytes that gives this problem, none of the myriad of other AV/AM options does, which makes it in my opinion still a false positive from Malwarebytes)

Btw, the easiest thing to do is just leave a project that does these things this way. An admin will notice a lack of hungry computers earlier than posts on his own forums.


OK then, let's try to clarify

my words: “appear to”

your words: "evidence", that’s in your head

Many don't need evidence but flashy headlines like "boinc spreading trojan". (that makes the mo)

I don’t like unfit generalization either, neither do you or Dave.
Great, how smart we are, good for us. We’re not alone and I wasn’t talking about me.

Funding, support and volunteers for science depend on public opinion.
(Seti was once in the NASA budget, a 10-year project, cut short within a year)
_______________________________________________________________________________

The "trojan-or-not" might be the smallest part or a non-issue.
I was trying to put that into the context of the trouble the project is in as we all can see now.

The project does not communicate and wasted lots of crunching time,
stealing from other projects, where all that crunching could have been applied productively.

That evidently happened, does not look good and could be used as an example to cut funding anywhere,
discourage future volunteers etc.

I don't throw anyone under the bus.
I'm still crunching for other projects and if this one recovers I will come back.


And again I hope Radim Vanco is ok!
"less than a pixel"
ID: 99977 · Report as offensive

Copyright © 2021 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.