SETI@home: virus info

Information regarding unauthorized installs of SETI@home

Last Updated: November 17, 2003

Over the past few weeks we've been getting reports from users who found unauthorized installations of SETI@home on their systems. It should be made clear that this is not due to a security flaw in SETI@home itself, but a flaw in your system that allows viruses to infiltrate and install our software. As well, this seems to be only a problem for people using Windows operating systems.

In one case, a user found a Windows command line client running under the name "cpuidle" in the directory:

D:\WINDOWS\system32\drivers\etc\CPUIDLE

There is a real program out there called "cpuidle" - this particular infection was running SETI@home under this same name to confuse the user into thinking it was the valid "cpuidle" and not a fake one.

Another user claimed that they got infected this way over an IRC channel.

In the past, known worms were distributed around the internet that infected systems, causing them to download SETI@home and execute it. For example, we already know about this one from back in 2001:

http://securityresponse.symantec.com/avcenter/venc/data/w32.hyd@mm.html

Unfortunately, at this time we don't know much about the worm/virus which may be doing this. If you have any clues, please pass them along to us. We'll update this web page as we gather more information.