PhF?

[bkehoe]

I think I may have solved part of the PhF 'problem', and it doesn't look legal.

I was on #distributed there now when a person came along saying that a dnet trojan was on his system. Here is what was said - around 11:15GMT.



<< <TomG> Er, I said that already.
<}}FUBAR{{> not good
<{FDISK}> }}FUBAR{{: in the directory where the client was installed, there should be a file, dnetc.ini
<}}FUBAR{{> There is
<{FDISK}> }}FUBAR{{: if you open it, you can find who did it
<}}FUBAR{{> Distributed Computing Technologies, Inc.
<dctievent> RC5: Current distributed.net rate is 118.93 Gkeys/sec.
<}}FUBAR{{> er no
<{FDISK}> lemme tell you want to look for
<}}FUBAR{{> virgedx@home.com
<}}FUBAR{{> Ring a bell to anyone?
<TomG> Fubar: Someone cracked your computer, and installed the distributed.net client. Report the e-mail address listed in the client to the distributed.net staffers.
<TomG> This behaviour is not allowed.
<}}FUBAR{{> Okie
<{FDISK}> noyes, report it
<}}FUBAR{{> Thanks for helping...
<{FDISK}> erm, yes.
<TomG> The program is not harmful, it uses idle CPU time to work on cracking RC5-64.
<{FDISK}> thats most likely the ID of ther person who did it
<}}FUBAR{{> Okie..thanks
<}}FUBAR{{> I've been cracked somehow...dunno how...but I guess I better find out
<}}FUBAR{{> Thanks for all the help
<{FDISK}> FUBAR: if you can come back later, you should be able to talk to a d.net staffer here
<TomG> Not a problem
<}}FUBAR{{> Okay...Will do >>



This seems to be ViRGE's email, and may be one of the infected machines.

I'll save all the text from the irc sessian in case you want it all.

Brendan

 

[RaySun2Be]

ACK! that's exactly the kind of thing we were worried about. 🙁

You know the saying, &quot;if it seems to good to be true, then it is.&quot;

Moose,
are you lurking about? What's DNET's position on this, and have you been contacted? ViRGE IS one of the recipiants of the PhF cracker. Any status on verifying that the PhF blocks are legit? HELP!

 

[amok]

Been a while since we've seen you in here Brendan 😉. Things still going well with you at Sysopt?

I'm not worried about it. We've had Moose looking into this issue for a while and he will eventually figure out the answer. However, despite the fact that I have no idea who the people on that board were, I seriously doubt it is a trojan that the PhF employs. Have you ever seen a trojan that stops infecting computers after a bit? Our stats have been pretty level for quite a while now, which implies that the PhF isn't using a trojan (as our stats would still be increasing almost exponentially). I'll rest on that, because I honestly can't figure out anything else to say 😉. Maybe that guy bought ViRGE's old computer or something...

 

[Viztech]

Thanx for reporting that to us Bkehoe.
As a recipient of the PhF, I have been fearing that innocent people have been affected.
Could you email that text?
kenander@viztech.com

Thanx
viz

 

[Scraper]

bkehoe

could you also send me that text
scraper@bigfoot.com

tnx

 

[Windogg]

I believe the Dnet trojan only cracks for Nugget. Take a look at his keyrates. Our PhF is out to help the team and I do not believe he/she would do such a thing.

Windogg

 

[Russ]

Windogg,

A trojan can crack for anyone simply by using their eMail address. Nugget was just high profile target.

Russ, NCNE

 

[Windogg]

Gotcha Russ, I thought the trojan was specifically for Nugget. Didn't know it was programmable. So is that how One and Two of Borg assimilates so many machines. 🙂

Windogg

 

[ViRGE]

Eekk!!!! Now someone thinks I'm a trojan dealer!.:| I'll talk to moose, and see if someone is crying wolf, or if I'm just being targeted like we all fear.🙁

PS Send me a copy of the log

 

[dvch]

Now,now,Windogg we all know the Borg are honest destroyers of all that is right and good-not sneaky at all; just evil.😛