Message-ID: <Pine.LNX.4.21.0611211858130.20333-100000@linuxbox.org>
Date: Tue, 21 Nov 2006 18:58:26 -0600 (CST)
From: Gadi Evron <ge@...uxbox.org>
To: full-disclosure@...ts.grok.org.uk
Subject: P2P as a new spam medium, moving from PoC to full operations

[x-posted]

Spam on P2P networks used to be mainly with advertising inside downloaded
movies and pictures (mainly pornographic in nature), as well as by hiding
viruses and other malware in downloaded warez and most any other file type
(from zip archives to movie files). Further, P2P networks were in the past
used for harvesting by spammers.
Today, P2P has become a direct to customer spamvertizing medium. This has
been an ongoing change for a while. As we speak, it is moving from a proof
of concept trial to a full spread of spam, day in, day out.
The idea is not new, but now it is becoming serious.

Some choice picks:
eBook - Googlecash - Make Money using google (Learn to use Affiliate
programs to make easy money).pdf
Us Banks Acounts Information [Dir]
How To Create An Automated Ebay Money Machine.pdf
Easy Chair Millionaire Review.pdf
Press Equalizer Review - Flood Your Site With Targeted Traffic, Achieve
Top Rankings and Gain Dozens or More Backlinks.pdf
Top Home Based Jobs [Dir]

And so on. These are just some of the scams now being pushed over P2P.

We discussed this before (http://blogs.securiteam.com/index.php/archives/487);
it started with fake books on the subject of online marketing, and now it
has gone all the way to spammers/phishing/"affiliate programs"/spyware (or
in other words online fraud related organized crime groups) looking for new
ways and mediums by which to reach a target audience, with email becoming
more and more scrutinized and filtered.

Using P2P is just the latest in a long line of mediums, ranging from the
fax machine to IM and comment spam on blogs. In the past we have seen
proof of concept spam seeding on P2P networks; now, and for the past month
in general, it has become common practice and covers everything from click
fraud to full-fledged phishing and money mule recruitment.

I fully expect this medium to become more important to the bad guys, as
many an Internet user is on P2P networks. Further, the bad guys are
already diversifying their spam seeds, moving from just eBooks and
downloadable books in PDF format to other file types. These are sent
through .DOC, and even inside directories for download.

So, how do people filter P2P searches and downloads? Do they in any way
intend to? How do P2P networks intend to deal with this?
Most likely, they don't and won't. I don't really see organizations
implementing anti-spam products for P2P (not that these exist), nor do I
see ISPs protecting their users on P2P (when they generally don't want
them there).

P2P will remain one of the worst mediums for infecting users with malware,
and now it will become a very busy spam location. I wonder for how long
users will be able to download on P2P networks without encountering mainly
fakes. So far, spammers have not been imitating "legitimate" P2P files
such as, say, MP3 songs, but it is not far in the future when this will
happen.

At that time, the P2P networks which will react will survive. It won't be
easy. Especially as I don't predict they will do so until it is, by far,
too late. Much like with spam, botnets and spyware, threats are generally
ignored until they become very painful. In my opinion the BitTorrent
network will be easier to control, as downloads can be verified if seeded
and advertised via trusted sites. Large torrent sharing sites are the main
threat.

	Gadi Evron.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
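The post's closing point is that BitTorrent downloads can be checked against metadata published by a trusted site, because the .torrent file carries a SHA-1 hash for every piece of the content and the info hash identifies that metadata. The following is an added example, not code from the post or from any BitTorrent client: it bencodes a constructed single-file .torrent (tracker URL and file content are made up here), computes the info hash a trusted site would publish, and verifies a downloaded file piece by piece, reporting which pieces a spammer's substituted copy fails on.

```python
import hashlib
from typing import Any

PIECE_LENGTH = 16  # tiny piece size so the constructed example stays readable


def bencode(obj: Any) -> bytes:
    """Encode ints, bytes, lists and dicts into bencode (BEP 3 wire format)."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        # keys must be byte strings in sorted order, otherwise the info hash is not canonical
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in sorted(obj.items())) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def bdecode(data: bytes) -> Any:
    """Decode a bencoded byte string; raises ValueError on malformed input."""
    def parse(i: int):
        c = data[i:i + 1]
        if c == b"i":
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                item, i = parse(i)
                items.append(item)
            return items, i + 1
        if c == b"d":
            d, i = {}, i + 1
            while data[i:i + 1] != b"e":
                key, i = parse(i)
                if not isinstance(key, bytes):
                    raise ValueError("dict key must be a byte string")
                d[key], i = parse(i)
            return d, i + 1
        if c.isdigit():
            colon = data.index(b":", i)
            n = int(data[i:colon])
            start = colon + 1
            if start + n > len(data):
                raise ValueError("truncated string")
            return data[start:start + n], start + n
        raise ValueError(f"bad bencode at offset {i}")

    obj, end = parse(0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return obj


def make_torrent(name: bytes, content: bytes, piece_length: int = PIECE_LENGTH) -> bytes:
    """Build a single-file .torrent for `content` (constructed here; tracker URL is a placeholder)."""
    pieces = b"".join(
        hashlib.sha1(content[i:i + piece_length]).digest()
        for i in range(0, len(content), piece_length)
    )
    info = {b"name": name, b"length": len(content),
            b"piece length": piece_length, b"pieces": pieces}
    return bencode({b"announce": b"http://tracker.example/announce", b"info": info})


def info_hash(torrent: bytes) -> str:
    """SHA-1 of the bencoded info dict: the identifier a trusted site would publish."""
    meta = bdecode(torrent)
    return hashlib.sha1(bencode(meta[b"info"])).hexdigest()


def verify_download(torrent: bytes, content: bytes) -> list:
    """Return indices of pieces whose SHA-1 differs from the .torrent (empty list = content is genuine)."""
    info = bdecode(torrent)[b"info"]
    plen = info[b"piece length"]
    hashes = info[b"pieces"]
    expected = [hashes[i:i + 20] for i in range(0, len(hashes), 20)]
    if info[b"length"] != len(content):
        return list(range(len(expected)))  # wrong size: treat every piece as unverified
    bad = []
    for idx, h in enumerate(expected):
        piece = content[idx * plen:(idx + 1) * plen]
        if hashlib.sha1(piece).digest() != h:
            bad.append(idx)
    return bad


# Constructed sample data: a genuine file and a copy with four bytes swapped inside piece 2.
GENUINE = b"The quick brown fox jumps over the lazy dog. " * 3
TORRENT = make_torrent(b"fox.txt", GENUINE)
TAMPERED = GENUINE[:40] + b"SPAM" + GENUINE[44:]

if __name__ == "__main__":
    print("info hash:", info_hash(TORRENT))
    print("genuine copy, failed pieces:", verify_download(TORRENT, GENUINE))
    print("tampered copy, failed pieces:", verify_download(TORRENT, TAMPERED))
```

The check only means something if the .torrent itself came from a source the user trusts and its info hash matches what that source published; a spammer who seeds both a fake file and its matching .torrent passes piece verification trivially, which is exactly why the post singles out large torrent index sites as the weak point.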
