Security Experts “Alarmed” at Spread of Spyware, Malware Via P2P Networks - AVN Online

Apparently peer-to-peer file swapping networks aren't just for passing the porn or for software and copyright piracy. A number of reports say computer security experts are becoming increasingly alarmed that spyware, malware, backdoors, and other pestiferous bugs are passing through the P2P lines.

"Spyware is a byproduct of peer-to-peer file-sharing," Apreo Software president Jerry Pereolat told TechNewsWorld.com. "People are generally unaware of how easily spyware gets into their computers. [P2P users] share whatever they can find on the hard drive and the network."

And, experts say, much of what you can get on the P2P networks comes cracked, meaning anti-piracy technologies intended to prevent use by all but legitimate buyers have been disabled; still other software can be downloaded with serial numbers included in the zipped file so installation is not impeded.

All of this seemingly free software is not without risks. Some forms of spyware can track user activity, identify files and their locations, and capture passwords. This sensitive personal and corporate data then can be automatically uploaded to servers controlled by spammers, mass marketers, and hackers.

Britain's mi2g Intelligence Unit reported earlier this month that the malware risk is 3 in 10 this year, up from 1 in 40 last year, meaning it has grown from a 2.5 percent risk to a 30 percent risk, with May the fifth-worst month ever for malware proliferation. The damage, mi2g estimated, ranged from $16.2 billion to $19.8 billion around the world, much of it caused by the Sasser and associated worm outbreaks.

Spyware raises privacy-invasion risks, while malware encompasses rogue code including worms, viruses, Trojans, and other programs that, as often as not, can install themselves on your computer without your knowledge. Malware damage has exceeded $100 billion, according to mi2g.

And the P2P networks are getting more attention for the possibility that such damaging programs pass through them. Previously accused of doing little to stop people from sending porn through their networks, the P2P programs also have to ponder whether their networks are being used to swap inside company information. "Often, workers contribute software put on corporate networks in exchange for the downloads they get," Pereolat said. "Some people don't realize that P2P applications can search for files and other software and upload them unknowingly."

So can file swapping between players of online games, as happened, apparently, with Osama Found, a game that was reported to have secretly stolen usernames from certain instant messaging address books and used them to send instant messages automatically, messages that TechNewsWorld said included links to a Web page where the game could be downloaded.

"Take a close look at the serious security, legal liability and infrastructure threats peer-to-peer file sharing poses to your organization," said Websense Inc., whose signature program is designed to block P2P at a business or corporate network gateway. In a recently published white paper on the subject, Websense said businesses only began getting wise to security risks after such high-profile P2P networks as KaZaA and Napster began facing equally high-profile litigation, in which some litigants charged the networks were being too lax about security threats through their networks.

"P2P networks can be, and are, easily exploited to distribute viruses and worms, allowing them to bypass normal security and filtering barriers," the white paper said. "Viruses and worms can hitch a ride on files transferred using P2P applications and make their way into an organization's networks."

As one example, they cited ClickTilUWin, an adware program which often passed through the Grokster P2P network carrying a piggybacking payload Grokster's antivirus software never caught: a Trojan horse, W32.DIDer, downloaded inadvertently by Grokster users for a three-week period.

Websense also estimated in the white paper that about 45 percent of the most popular files swapped on KaZaA last year contained viruses, worms, or Trojans.

But P2P networks and their users, the Websense paper continued, have another vulnerability that's just as deadly if not more so: hackers. "Hackers can easily take advantage of P2P vulnerabilities," the white paper said, "including buffer overflow, to spread worms and viruses." A buffer overflow is a software flaw in which a program writes more data into a memory buffer than the buffer can hold, causing problems for users and developers. Also, P2P users reveal their IP addresses when swapping files, and hackers can attack the system that way, the white paper said.

Websense itself is one way to cut down on the risks associated with P2P. Two others, TechNewsWorld said, are FaceTime's RTG500 network device, which is designed to guard against unauthorized instant messaging connections and to eliminate P2P file swapping; and Apreo's SmartSearch technology, which finds files based on content and can uncover them even if the file names were changed or the files were tucked away in compressed files. The program's Workstation PolicyShield can search for and disable P2P programs, instant messaging, and just about anything else suspected of carrying spyware.