This is in defense of D.Net, just because it is "believed" they have the know all ability. All D.Net receives with the cracked blocks is the IP address of the sender. Doing a nslookup of that IP in most instances will NOT reveal any sort of identity of the user. For example, my ISP's modem pool is all slc****.modem.xmission.com. D.Net would have to contact my ISP, give them the IP and date stamp, and truely hope my ISP gives them that info (for my ISP, they probably will not get any information unless under court order). Same with my cable modem hostname. c******.***.home.com will not reveal my email address.
Please understand D.Net cannot just magically retrieve the trojan'ed users email address and notify them. They are in a no win situation. Look at Nugget's stats, he is being propelled by trojan clients. Filters would have to be added to the stats run to differentiate possible IP's Nuggets legit blocks would come through and then pipe all excess blocks somewhere else. Would a solution like this work for the amount of people affected from PhF? You can already tell D.Net did not persue a solution like this. I'm putting words in their mouths when I say there is really nothing they can do. The best thing to do is just make known that you believe part of your stats are being propelled by possible trojan clients. This way you are protecting yourself if the trojan'ed users start complaining to D.Net.
As for the trojan client being on this @Home users machine. It could have gotten there quite a few different ways. The user received/downloaded (ftp, www, or email) an unsuspecting program and ran it (my belief is that this is the common reason), someone else loaded it locally or remotely (possible BO variety of tools), file sharing was active and someone injected the executible onto the machine as a general use program that would be run sometime fairly soon. A firewall or being a bit more suspicious of what you download and run can go a LONG way.
Sorry if I came off long winded, but I needed to get that out of my system. Brad..
Edit: Oh, and for the record I'm recieving ~6,000 blocks a day from PhF.