KaZaA: The Hidden Threat from P2P Networks


ibe98765

KaZaA: The Hidden Threat from P2P Networks
Kevin Townsend, June 2, 2003

Executive Summary
What is KaZaA?
Is KaZaA dangerous
What can be done about the threat?

--------------------------------------------------------------------------------

EXECUTIVE SUMMARY

Whatever we think about peer-to-peer (P2P) file-sharing networks like KaZaA, they are extremely popular.

According to its owners, KaZaA has been downloaded over 228 million times, and each week 2.5 million more people download it. These figures likely include a large number of people who on a fairly regular basis participate in copyright infringement. Moreover, it is a network that we cannot be rid of – nor should we seek to be rid of. KaZaA, along with its successors and clones, is here to stay.

KaZaA and KaZaA users’ susceptibility to viruses is well illustrated by the Fizzer worm discovered in May 2003. Fizzer spreads through the KaZaA network by creating multiple copies of itself with different names and placing them in the victim computer’s dedicated KaZaA file-sharing folder. As soon as this happens, Fizzer becomes ‘available’ to every other KaZaA user.

To fully understand the risks of using KaZaA, we need to understand how it works. We will examine three areas: What is KaZaA? What dangers does it pose? And how can we protect ourselves?

http://www.pestpatrol.com/Whitepapers/p2p.asp

Link to comment
Share on other sites

nlinecomputers

Thanks for the link. Makes a good presentation brief that I can give to customers to explain the threats by this program. I've had to fix more computers in the last 3 months that just got trashed by fizzer and by users that have Kazaa on the system. Lots of parents also don't even realize that their teenaged kids are doing this.

Link to comment
Share on other sites

that article has too much FUD for my liking, and i prefer non-FUD diet to my brain. :shifty:

KaZaA can cause the unintentional publication of confidential corporate information and personal, private information
this argument is weak. how is it unintentional, when all kazaa shares by default is the newly-created and empty "My Shared Files"? you'd have to either move confidential files into that folder, or add a specific folder to share. and both of those actions defeat the word "unintentional".

# KaZaA can introduce Remote Access Trojans
# KaZaA can spread viruses
# KaZaA has known vulnerabilities
so can email. so can instant messaging. so can websites. so can ftp sites. so can IRC. so can newsgroups. i'll stop now.

and about the spyware/adware argument, that's why Kazaa Lite, and Kazaa K++ are so darn popular. :whistling:

"Software flaws, such as buffer overflows or insecure configurations, may be present in P2P client software and may provide a means for remote users to initiate attacks that execute code on internal systems,"
this one is funny. replace the word "P2P client software" with "Internet Explorer". ok, now does that mean everyone should stop using IE too then? :thumbsup:

then the article mentions the only 'real' threat; legal implications. but mark my words, the RIAA will shoot themselves in the foot with their stupid lawsuits. and i hope one day P2P will be viewed like radio or TV and not like some evil entity coming at us from the seventh level of ****.

and then i finally understand the whole point of this article by the last paragraph. "Buy Pest Control. we will protect you from the evil Kazaa!" :rolleyes:

p.s. - i got a laugh out of the MS article they mentioned near the beginning, where MS calls Kazaa and other P2P networks as the "Darknet". :ph34r: that's the first time i heard it described that way, and it's a pretty FUD-sounding word; are you going on the internet today or the Darknet?
Link to comment
Share on other sites

nlinecomputers
this argument is weak. how is it unintentional, when all kazaa shares by default is the newly-created and empty "My Shared Files"? you'd have to either move confidential files into that folder, or add a specific folder to share. and both of those actions defeat the word "unintentional".
Kazaa can be buggy. I've seen it share the whole hard drive when it isn't supposed to do that. Most of the time it works, but how many users know how to check it?

# KaZaA can introduce Remote Access Trojans
# KaZaA can spread viruses
# KaZaA has known vulnerabilities
so can email. so can instant messaging. so can websites. so can ftp sites. so can IRC. so can newsgroups. i'll stop now.
Let's be fair, this is not a white paper about every security risk to mankind. This is about the risks in using P2P programs. Lots of my clients don't understand or aren't aware of the risks. It is one thing to accept the risks and do it anyway. (I use OUTLOOK as my preferred email client!) It's another to be clueless about what is going on. I go into people's homes all the time that are running Kazaa on a cable connection 24/7 with no antivirus and no firewall. That is stupid. And guess what, most of them are infected and have keyloggers installed on them. Even with the risks from email I didn't see as many co-opted systems as I see now that everybody is running Kazaa. People are just ignorant and foolish, and with Kazaa gaining mainstream popularity a lot of people are wide open to be taken advantage of.

QUOTE
"Software flaws, such as buffer overflows or insecure configurations, may be present in P2P client software and may provide a means for remote users to initiate attacks that execute code on internal systems,"
this one is funny. replace the word "P2P client software" with "Internet Explorer". ok, now does that mean everyone should stop using IE too then?
Agreed, THAT is a FUD. OTOH I don't use IE.... :whistling:

then the article mentions the only 'real' threat; legal implications. but mark my words, the RIAA will shoot themselves in the foot with their stupid lawsuits.
Perhaps, but it is a real threat, and if you're a small business owner the threat can be very high. I've had several businesses hire me to remove all Kazaa off of their networks and put blocks in the firewall/routers to block P2P programs.
Link to comment
Share on other sites

i agree in principle that kazaa should be banned in workplace, but has there been a case yet where a company was sued and held liable for copyright infringement from one of its employees using kazaa? i might be mistaken, but i don't recall hearing any case like that, so if i hear that "you must remove kazaa to protect your business from lawsuits", it's too FUDdy for me. just as kazaa has been spared from the courts because they are not responsible for what people do on it, a business could use the same argument that they are not responsible for the actions of its employees. then again, i'm not a lawyer so i don't know.

running kazaa without firewall = stupidity, i agree on that. and if you download program files from kazaa, you definitely do need anti-virus. but for mp3s, it's not really necessary is it? can viruses spread thru mp3s?

Link to comment
Share on other sites

nlinecomputers

I have not yet heard of a case, but that doesn't mean that there will not be one. Also, most businesses buy their broadband to meet a certain business need, so having a bandwidth hog like Kazaa on their system is something they would want to remove. "I pay people to work. Not download music...."

I've never seen an MP3 that was a virus and I doubt you could do it. If ALL you ever do is download music then you're most likely safe, but how many people have never used Kazaa to download games or movies, or porn or some other executable file? The W32/Benjamin-A virus spread by such means. All the infected files are either SCR or EXE files, not MP3, so you'd think that people wouldn't download them. But end users are stupid; they don't understand or care about file extensions. They just want to download porn and Metallica.

Link to comment
Share on other sites
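
The post above notes that the infected files are SCR or EXE programs and that users ignore file extensions. The following audit of a shared folder is an added example, not part of the original thread; the extension lists and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
MEDIA_EXTS = {".mp3", ".wav", ".avi", ".mpg", ".jpg", ".wmv"}


def classify(path):
    """Return the reasons a file deserves a closer look (empty list if none)."""
    reasons = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        # "song.mp3.exe" looks like music when known extensions are hidden.
        if os.path.splitext(stem)[1] in MEDIA_EXTS:
            reasons.append("media name with executable extension")
    with open(path, "rb") as fh:
        magic = fh.read(2)
    # DOS/PE programs begin with "MZ" whatever the file is called.
    if magic == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("MZ header behind " + (ext or "no") + " extension")
    return reasons


def audit_shared_folder(root):
    """Walk a shared folder; map relative file name -> reasons, flagged files only."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def demo():
    samples = {  # constructed sample files, harmless byte strings
        "track01.mp3": b"ID3\x03\x00" + b"\x00" * 16,
        "song.mp3.exe": b"MZ\x90\x00" + b"\x00" * 16,
        "screensaver.scr": b"MZ\x90\x00" + b"\x00" * 16,
        "video.avi": b"MZ\x90\x00" + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_shared_folder(root)
```

Calling `audit_shared_folder` on a real shared folder lists every file that is a program by name or by content, which is the check most users never make.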

They just want to download porn and Metallica.
ah, metallica is so 1980's. they're a joke and the perfect reason why so few artists these days openly try to attack their own fans by voicing their support for the RIAA campaign. and porn. well, you have to have porn. internet wouldn't exist without porn. if there was no porn and no mp3s on the internet, you'd see many ISPs go belly up. :whistling:
Link to comment
Share on other sites
