Panda software: Malicious code and P2P file sharing networks [View All]

Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Panda Software.
---

"Science is organized knowledge. Wisdom is organized life."
Immanuel Kant (1724-1804); German philosopher.

Malicious code and P2P file sharing networks

Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, October 22, 2003 - More and more viruses are using peer-to-peer(P2P) file sharing networks and clients as a means of transmission. Today in Oxygen3 24h-365d, we are going to look at how they do this and the basic security measures to adopt in order to protect computers.

P2P networks allow users to collaborate and exchange information via the Internet. For example, this type of architecture can be used to resolve complicated tasks that require high calculation power, by sharing the load across several computers connected to one another. The formula that is most popular with Internet users is the one that allows them to exchange files, using programs like KaZaA, eDonkey or eMule.

These applications act as a client and a server at the same time, allowing users to share files with the rest of the users while downloading any files they want. Due to the popularity of these applications, virus authors have identified them as a new way of transmitting their creations. A recent example is Gibe.C, which as well as spreading via e-mail, IRC, and local networks, also spreads via KaZaA. In order to spread through this P2P program, Gibe.C follows the following routine.

1) The worm creates several infected files in the KaZaA directory used to share files with other users. In order to trick other users into downloading these files, it assigns them names that suggest that they contain useful programs, movies, games, music, latest versions of software, etc.

2) This worm spreads to other computers when a user, using the search function included in P2P programs, finds and downloads one of these infected files. When the user opens the infected file, the computer will be infected and the worm will create copies of itself in the shared directory of the P2P program, thereby turning it into another source of infection.

Although infected files can be detected before they are downloaded observing certain details -such as a smaller size when the content of the file should occupy various megabytes- you cannot guarantee that a file is virus free by simply looking at it. For this reason, effective and completely updated protection that scans all the files you download is still the best protection tool.

For further information about Gibe.C and other malicious code, visit Panda Software's Virus Encyclopedia at: http://www..pandasoftware.com/virus_info/encyclopedia

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Bugbear.B, 2) Blaster; 3) Parite.B; 4) Gibe.C; 5) Klez.I.