Fighting malware and spam

Next generation peer-to-peer threats - from mild to wild

Robert Freeman Internet Security Systems

The peer-to-peer network medium is gaining attention from the media, organizations working to protect copyright holders, and virus writers. However, the average peer-to-peer user is unlikely to consider the security consequences of using these networks. Viruses that propagate through the various peer-to-peer networks such as Fasttrack (Kazaa) and Gnutella, expect a certain amount of users to be fooled by provocative filenames promising free software or pornography. These viruses are mild threats compared to what may come in the next generation of peer-to-peer malware. Consider the outbreak of 'Phatbot' in March. Phatbot uses the WASTE peer-to-peer protocol, designed by AOL's Nullsoft, to talk to each other for remote control rather than distribution. Its propagation vectors are all remote exploits save for the backdoor left by the Mydoom virus. This leap from using peer-to-peer networks for propagation to using them for malicious remote controlled activities is troubling. In this instance, it appears greed is the motive based upon its ability to steal AOL accounts, product serial keys, and harvest email addresses. What if the motivation was something else such as embarrassment or destabilization? Tunnelling sensitive information aided by peer-to-peer networks should be a concern.

This paper will address:

• a background on peer-to-peer networks
• real-life examples of existing threats
• potential next-generation dangers
• best policies to address these threats