Next generation peer-to-peer threats - from mild to wild
Robert Freeman Internet Security Systems
The peer-to-peer network medium is gaining attention from the media, organizations working to protect copyright holders,
and virus writers. However, the average peer-to-peer user is unlikely to consider the security consequences of using these
networks. Viruses that propagate through the various peer-to-peer networks such as Fasttrack (Kazaa) and Gnutella, expect
a certain amount of users to be fooled by provocative filenames promising free software or pornography. These viruses
are mild threats compared to what may come in the next generation of peer-to-peer malware. Consider the outbreak of
'Phatbot' in March. Phatbot uses the WASTE peer-to-peer protocol, designed by AOL's Nullsoft, to talk to each other for
remote control rather than distribution. Its propagation vectors are all remote exploits save for the backdoor left by the
Mydoom virus. This leap from using peer-to-peer networks for propagation to using them for malicious remote controlled
activities is troubling. In this instance, it appears greed is the motive based upon its ability to steal AOL accounts,
product serial keys, and harvest email addresses. What if the motivation was something else such as embarrassment or
destabilization? Tunnelling sensitive information aided by peer-to-peer networks should be a concern.
This paper will
address:
- a background on peer-to-peer networks
- real-life examples of existing threats
-
potential next-generation
dangers
- best policies to address these threats
