BitTorrent Shrugs Off Massive Malware Attack

Written by enigmax on May 09, 2008 

Described as “One of the most prevalent pieces of malware in the last three years,” the Downloader-UA.h trojan is running wild on P2P networks. But thanks to its system strength - and the work of torrent site moderators - such outbreaks are shrugged off by BitTorrent.

Anti-piracy outfits, like all organizations fighting against massive odds, rely heavily on the media to amplify their message. Whether it’s some fringe group exploding a trash can to get attention or someone chaining himself to a prominent building in protest, using the media is relatively cheap and effective. Organizations like the RIAA and IFPI like to play the fear card to reduce file-sharing, so a nasty malware attack on P2P networks, affecting up to 27% of tested PCs this week, is a dream come true for them, as they continue to spread their message that P2P networks are nothing but trouble.

However, in a testament to its structure and security, BitTorrent is almost immune to these types of attacks, and that is why you never hear the RIAA and IFPI talk about viruses and BitTorrent in the same announcement. In terms of sharing files and avoiding malware, BitTorrent does really well.

This recent malware attack revolved around people downloading files which were renamed to look like music and movies, but instead engineer a situation where lots of other stuff gets installed on the host PC, causing all sorts of problems. While viewing some of the filenames listed by McAfee, I had to remind myself that I was a novice once too - but it was still a stretch for me to believe so many people would download files that look like these:

preview-t-3545425-adult.mpg
preview-t-3545425-changing times earth wind .mp3
preview-t-3545425-meet bambi in kings harem.mp3
preview-t-3545425-middle eastern chick.mpg
preview-t-3545425-theme godfather.mp3
t-3545425-bentley bizzle.mp3
t-3545425-haloween special.mp3
t-3545425-just got lucky.mp3
t-3545425-peanut butter jelly amende.mp3

The good news is that the chances of these types of files appearing on BitTorrent are very low, as trackers have moderators who remove such junk, something which is largely impossible on Gnutella (LimeWire) and eMule (ed2k). As long as the ‘infected’ users keep this stuff in their shared folder, there is little that can be done to stop it spreading. If they don’t clean this stuff out, no-one will, and it’s in this department BitTorrent comes out tops - again.

First of all, BitTorrent isn’t a ‘folder sharing’ client like LimeWire or KaZaA, which means that the user needs to use a torrent site to distribute (publish) his torrent. If the content is legitimate (and there are very few rules in most places, save obviously illegal material) the .torrent file will be up for all to download, with links to malware and viruses mostly filtered out by humans - otherwise known as ‘mods’ or ‘moderators’.

BitTorrent has thousands of hard-working and largely unpaid moderators, who work tirelessly to make sure that files like these don’t make it to the BitTorrent user’s computer. In reality, files presented like the ones above could never slip by the site mods; they would see them a mile away and remove them quickly.

BitTorrent isn’t 100% malware free but compared to Gnutella and ed2k, it is astonishingly healthy and that is largely down to the strength of the system and the mods, who work non-stop behind the scenes to keep BitTorrent an enjoyable experience.

For the few small things that slip through the net, try our guides.

62 Responses

26 May 09, 2008 at 21:33 by jerky

Umm, no, you can’t really get a virus from an MP3 or MPEG file unless you’re using some shitty media player like WMP and even then the file must be crafted to EXPLOIT a flaw in said player and that player only.

I’d bet dollars to donuts that you could open any of these files in VLC and nothing would happen. There’s no such thing as an exploit that works across all media players.

The only way this could get around is if it’s like a previous commenter described, these files are really .EXE and stupid fuckers are actually running them. If that’s the case, this is such non-news.

Terrible journalism at best here, you would think the writer of this article would have asked the obvious questions, but I guess not.

27 May 09, 2008 at 21:36 by jerk-ass

BTW if you use Linux or anything else with permission-based filesys then all files saved by your client are marked as non-executable anyways. Problem solved, unless you’re working with .rar stuff.

I’m surprised people still run that microsoft shit these days.

28 May 09, 2008 at 21:42 by Jag

This is the whole article on how this malware is functioning… it requires to install a player… few other than newbs are gonna fall for this.

http://arstechnica.com/news.ars/post/20080508-alluring-mp3-movies-hit-limewire-install-malware-instead.html

Hope that helped!
Cheers!
http://www.ezee.se/

29 May 09, 2008 at 21:43 by Jag

What the heck is going on? I pasted a link to a related article on ars tech and my comment didn’t get posted… is mentioning Ars banned here or something??

30 May 09, 2008 at 22:09 by Ben Jones

Jag, it would seem that if the large portion of a post is a link, the system flags it up for approval, in case it’s spam. That’s what happened with your post. Relax, no conspiracy here. Just an attempt to deal with spam, and link-bombing.

31 May 09, 2008 at 22:19 by Anonymous

[quote]Whether it’s a some fringe group exploding a trash can to get attention or someone chaining himself to a prominent building in protest, using the media is relatively cheap and effective.[/quote]
Why do not pro file-sharers get media attention and play the persecution card? Are they so apathetic to their beliefs that they just do nothing?

32 May 09, 2008 at 23:08 by JuanDoe

I don’t see the point of this article - it says nothing. What is the point of quoting a load of filenames and saying you should know better. Any file can be called anything. Smug is not a good way to help people - tell them something that will help them. I suspect this site is not all it purports to be.

33 May 09, 2008 at 23:56 by ---_____---

[quote comment="380410"]Why the fuck would you use shareaza or the gnutella or the donkey shit network??? limewire is for noobs. fucking lamers[/quote]

The ed2k network doesn’t depend on trackers like bittorrent. Because of the Kad protocol not even servers are needed anymore.

Should a few larger BT trackers like TPB fall the ed2k network will still be up and running through Kademlia

The risk of downloading crap on ed2k is pretty small if you use common sense

34 May 10, 2008 at 00:00 by Jag

[quote comment="380472"]Jag, it would seem that if the large portion of a post is a link, the system flags it up for approval, in case it’s spam. That’s what happened with your post. Relax, no conspiracy here. Just an attempt to deal with spam, and link-bombing.[/quote]

Sorry, posted it around 3 times and did check back after more than an hour, couldn’t understand it as whatever I posted before on TF always gets displayed in around a min.
Totally respect your security in place to limit the spamming bastards, they really spoil it for everyone.
I use Akismet on my site, you might want to look it up, it catches most of the garbage out there (disclosure: am not in any way connected to this product, just an end user like a lot of others).

this is their link:
http://codex.wordpress.org/Akismet

Cheers!
http://www.ezee.se/

35 May 10, 2008 at 00:07 by Jag

[quote comment="380501"] I suspect this site is not all it purports to be.[/quote]
And what exactly does this site “purport” to be? It just reports news that is related to filesharing and mostly torrents… so it’s a slow news day, give them a break will ya?

36 May 10, 2008 at 00:50 by lol

[quote]Organizations like the RIAA and IFPI like to play the fear card to reduce file-sharing so a nasty malware attack on P2P networks, affecting up to 27% of tested PCs this week, is a dream come true for them, as they continue to spread their message that P2P networks are nothing but trouble.[/quote]

Wow what a charged statement. It’s basically the equivalent of calling pirates terrorists. Are you seriously trying to imply that the RIAA or MPAA is behind this without even trying to link to proof?

37 May 10, 2008 at 02:49 by dwpbike

[quote comment="380410"]Why the fuck would you use shareaza or the gnutella or the donkey shit network??? limewire is for noobs. fucking lamers[/quote]

i’ve found amule to be handy when i’m looking for somewhat obscure music; e.g., japancakes. able to get entire album that wasn’t “out there”, either as torrent or rapidshare, etc.

38 May 10, 2008 at 03:12 by Anonymous

Why are there so many dumbfucks posting here? This has nothing to do with .exe files at all, you stupid morons. It’s about mislabeled ASF files. Whose fault is it? In case of ASF: Microsoft. The same is also possible with Quicktime files which means it’s Apple’s fault.

These files can embed URLs which will be accessed automatically by your browser, if you open them with the standard players like Microsoft’s Windows Media Player (WMP) or Apple’s Quicktime. Blame Microsoft and Apple for adding such a redundant but extremely dangerous feature to these container formats. These corporations are absolutely incapable of learning anything from their mistakes. This kind of vulnerability is very close to their other high-profile mistakes but they’re doing it over and over again.

It’s absolute bullshit if people claim you can’t get viruses/worms/trojans from pictures, videos or audio files. You can, you will. Moreover, these kinds of people are too dense to understand that an average user has virtually no possibility to tell the difference between active and passive content. The line between these is already heavily blurred because the anti-social, clueless, narrow-minded morons called “IT people” keep adding illogical, dangerous, misleading features to file formats and software that make it useless to apply common-sense or the like.

All of this has very little to do with P2P anyway. There are a lot of evil, infected websites out there trying and succeeding in installing malware. Infections through P2P are just the tip of the iceberg, infections through the web and email are dominating by far.

People claiming “Gnutella is for n00bs” have it backwards. BitTorrent is for n00bs because it gives you far fewer options to do something wrong and almost everything is controlled through bottlenecks called index sites. That doesn’t mean BitTorrent is safe or secure. It sure isn’t but the right option for n00bs is BitTorrent and nothing else.

For morons there’s only one option: Pull the plug.
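An added example, not part of the comment above or of the original article: a defensive check for the mismatch this thread argues about, where a file named .mp3 or .mpg actually holds a different container. The file names beginning `preview-t-` come from the article's list; the other names, all leading bytes, and the `sniff`, `verdict` and `flagged` helpers are constructed for illustration.

```python
import os

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C, in on-disk byte order.
ASF_MAGIC = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# Container kind each file extension is expected to hold.
EXPECTED = {".mp3": "mp3", ".mpg": "mpeg", ".mpeg": "mpeg",
            ".asf": "asf", ".wma": "asf", ".wmv": "asf"}

def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head.startswith(ASF_MAGIC):
        return "asf"
    if head.startswith(b"MZ"):                      # Windows executable
        return "pe"
    if head.startswith(b"ID3"):                     # MP3 with an ID3v2 tag
        return "mp3"
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "mp3"                                # bare MPEG audio frame sync
    if head.startswith((b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3")):
        return "mpeg"                               # program stream / video sequence
    return "unknown"

def verdict(name: str, head: bytes) -> str:
    """Compare what the name promises with what the bytes say."""
    ext = os.path.splitext(name)[1].lower()
    kind, want = sniff(head), EXPECTED.get(ext)
    if want is None or kind == "unknown":
        return "unverified"
    return "ok" if kind == want else f"mismatch: {ext} name, {kind} content"

# Constructed sample data: the byte strings are invented, not taken from real files.
SAMPLES = [
    ("preview-t-3545425-theme godfather.mp3", ASF_MAGIC + bytes(14)),
    ("preview-t-3545425-adult.mpg", ASF_MAGIC + bytes(14)),
    ("constructed-sample.mp3", b"MZ\x90\x00" + bytes(12)),
    ("genuine-track.mp3", b"ID3\x03\x00\x00\x00\x00\x0f\x76"),
    ("genuine-clip.mpg", b"\x00\x00\x01\xba\x44\x00\x04\x00"),
]

def flagged(samples=SAMPLES):
    """Names whose extension disagrees with the sniffed container."""
    return [n for n, h in samples if verdict(n, h).startswith("mismatch")]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{verdict(name, head):36} {name}")
```

A match only means the name and container agree; it says nothing about what a player does with URLs or scripts embedded in a genuine ASF file.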

39 May 10, 2008 at 04:32 by Anonymous

38

Claiming that an index site is a bottleneck is just laughable, as bittorrent is THE dominating protocol out there, despite its very centralized setup. The thing that makes bittorrent stand out from all of the other protocols in use is the fact that it was built for speed and large files.

But, as you say, the fault for getting a virus lies on the end user who’s often relying on some security “suite” like Norton or McAfee to lie to them that all is alright with the world.

If one wants to be completely secure, they have to constantly check and recheck their computer for odd behaviour, and turn off all automatic stuff, because that’s ALWAYS the road in for crapware like this.

However… I must admit that I didn’t even notice that the bittorrent network “shrugged off” any attacks :S

40 May 10, 2008 at 06:53 by Garvy

Don’t forget also that people are less likely to seed garbage back out to other users if it adversely affects their machine/bandwidth.

41 May 10, 2008 at 06:54 by tux

i got one of these yesterday ya found it in my firefox cache whats it meant to do anyway ????

42 May 10, 2008 at 07:24 by k3nt

It’s not just the moderators, the users also help in finding and reporting viral files.

43 May 10, 2008 at 07:55 by bob

Go Mac!

44 May 10, 2008 at 08:26 by Rick

So, to summarize:

- You have to be a Windows user
- You have to download a .EXE
- You have to manually execute a .EXE from an untrusted source, and not do it inside a sandbox

As usual, the only thing “running wild” here is utter stupidity and laziness. These are most likely to be the same clueless a-holes that don’t seed, so why try to protect them against this crap?

45 May 10, 2008 at 10:15 by Anonymous

Rick (44), the clueless hole of an a, is nobody else but you. How often do I have to kick you in the head until you understand that this isn’t about .EXE files?

46 May 10, 2008 at 10:16 by Anonymous

Anonymous (39), you’re waffling. If you have nothing to say, STFU and fuck your GF.

47 May 10, 2008 at 13:43 by Chris

Moderation!? Piratebay, for example, does jack-all moderation.

48 May 10, 2008 at 14:08 by Hugh G. Rection.

I love how there is always a “must be a slow news day hardy har har” comment. Like they were somehow inconvenienced to read a blog that had information they already knew.
