Monday, August 04, 2008

P2P (Peer to Peer) Nightmare

Regular Security Garden readers may have wondered why so many days have passed since my last blog post. Aside from real-life activities and forum administration duties, a considerable amount of my free time has been devoted to helping someone clean a Chinese language Windows XP computer.

As an English-only reading person, the Chinese characters did not make reading the logs any easier. But that was not the most difficult part. Apparently file-sharing with P2P (Peer to Peer) programs is particularly common in China. Through many hours of research attempting to identify some of the unusual files on the computer, I discovered that the person actually began getting help at a Chinese help site in May, with the impression that the computer was clean. When the symptoms recurred shortly thereafter, the person requested help at an English-language site in June and eventually cross-posted at a site where I provide help -- each time with a different user name.

When presented with a choice as to which place the person was going to continue receiving help, much to my chagrin, the person elected to have me continue and posted a closing at the other site. With the difference in time, I would spend a good part of the evening studying and researching the logs and providing instructions. The results would be posted the next morning while I was at work, so again I would spend more evening time analyzing the results.

I was not the only person studying the logs. We have a very interactive team and they were also spending time trying to get to the bottom of the problem. Each time a new scan was made, new files turned up infected.

The person being helped was resistant to removing programs identified as questionable, saying they had been used for years! Finally, it became necessary to issue an ultimatum of sorts: either remove the dodgy programs and P2P software, or the best advice I could give would be to reformat the computer.

Now we get to the reason for this long-winded post . . .

If you use P2P programs, you will likely find your computer in the same state as that of the person I and others spent so many hours helping to clean. Some of the security forums are even beginning to refuse assistance if P2P programs are installed on the computer.

Use of P2P programs can result in identity theft or the exposure of confidential or sensitive employee information. The list below illustrates many reasons why P2P programs are dangerous and why members of the security community advise against their use.
  • P2P programs form a direct conduit onto your computer.
  • P2P security measures are easily circumvented.
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  • There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers, and increasingly so of late, with viruses, worms and Trojans being distributed with the downloaded files.
  • P2P programs connected to a network can be used to spread malware, to share private documents, or to use the file server to both store and forward malware.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • Paedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

By the way, the person did agree to uninstall the P2P programs and we proceeded with what appeared to be a final cleanup. Then, what did I spot that had been downloaded to the computer again? Yes, you are correct -- two of the programs previously removed. That was when I provided instructions for removing the tools used in the process and wished the person luck.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Anonymous said...

You're assuming that P2P programs are all alike. Some, such as LimeWire, are notoriously full of malware. Others, such as certain BitTorrent clients, are open-source and fully trustworthy.

Corrine said...

Yes, if used responsibly, that is true.

That is generally not the case with the infected computers we see in the forums. Nor is it the case with identity theft or the loss of confidential information as described in the linked articles.

Parents need to be aware of the inherent problems if their children use P2P programs. Similarly, employees should consider the consequences if using P2P programs on company computers.

James said...

Nice article, Corrine. I posted a link to it over at my WindowsTalk blog.