Yamaha

Malware on p2p


I have found several articles by Tiversa saying malware can change save folders on p2p to move personal files into the share folder so everyone on your network can access your personal files. Tiversa has some claims against them that make me wonder if they are just saying stuff to scare people. https://cdn3.vox-cdn.com/uploads/chorus_asset/file/3709398/2015.01.02_Staff_Report_for_Rep._Issa_re_Tiversa.0.pdf

 

Yes, of course malware is on p2p; most people think it's the number 1 cause of viruses. Actually, it's websites these days, from what I read. But yes, it could happen that malware would do this, but so could Harry Potter; it could happen as well. I just wanted to see how realistic this claim from Tiversa is about changing folders around to make everyone access your personal info. Me and others I've talked to think it's mainly to scare you with the worst, and that they never had any proof to support the cause, and no articles ever mention this. http://www.consumer.ftc.gov/articles/0016-p2p-file-sharing-risks

 

Please give me pure honesty, and yes, again, I know malware is on p2p and it's bad for your computer. I just want answers to how likely it would change the folder situation.


Article is too long so I didn't read it all. This probably won't answer your specific question, but hopefully it's headed in the correct direction.

 

My definition of "malware" is quite simple. Anything installed on your computer or doing "things" with your computer without your express permission. If you didn't purposefully install it or want it to run... it should be there or be running.

 

You've already stated that you understand that programs acquired through p2p often contain malware (in my experience, maybe 90% of the time), but perhaps you don't understand how they contain malware.

 

In most cases, the programs/files have been "patched". What this means is that the actual program has been changed. In most cases it has had something added to it. In most cases, what is added to it is nefarious.

 

Let's just take a quick example. Let's say you use p2p to download a program. It has an installer that has been patched. This installer... installs the program you think you wanted, but it also installs a program that was patched into it. This "new" program simply changes a few permissions, and then, helped by your p2p client opening a couple ports through your firewall, a packet of information is sent to "someone" containing your private information. This isn't a far-fetched scheme. It's even simpler to have the patched program "move" your information and then encrypt it so you don't have access to it. That is how Ransomware works.


I understand that. I'm talking about downloading a file and having it embedded with malware, and then it changes your share folder to add personal files into your p2p shared folder, so that users can download all your personal information on the p2p network. I know malware is out there, all sorts, but what's the likelihood of this specifically, in you guys' opinion?


Perhaps I wasn't clear. Sometimes I use too many words.

 

It's easy to do.


Well, moving files to a different location and encrypting them and holding them ransom is one thing, but moving them all to a program's share folder is different, so I was clarifying. And easy to you might be hard for the other guy. I sure wouldn't know how to do it.


To share it, you only need to change permissions. It's not like you have to open a drawer, find a folder, remove a specific piece of paper, go to another file cabinet, find another folder, and put the paper in it.

 

I'm not a programmer, so it might not be easy for me to do personally... but I understand how it works, and I'm fairly certain I could do it... and I know it can be done as I've seen it.


You have seen malware change a p2p share folder before? What folders do they generally make available? Because LimeWire won't let you share your entire hard drive, so they would have to add individual folders.


I have no clue as to how to answer "what folders do they generally make available?"

 

You are asking for specifics in a theoretical question. I am not able to answer that.

 

I will note that you can make your entire hard drive a folder. Safeguards put in place are much like the doors and windows in your home. They are designed to keep the honest people out.


Have you seen malware change folders before on a p2p? Because you said you've seen it done. Which p2p network?


I've seen permissions changed, and files moved. I've seen files "hidden" from the user. It's not a function of the p2p program, it's a function of the malware that is patched onto the downloaded program. I've seen personal info "phoned home" through ports opened by the p2p client.

 

I interpreted your initial question as "Can this be done?" My answer is yes. Believe me or not, I don't care. Though I'm willing to debate virtually any point, I don't choose to participate in a "prove it" type discussion, especially in a topic that asked for an opinion.


Thank you for your opinion. Yes, I know it could happen. But just how likely? Like 1 in a million, or every time you download a file type of chances?


Every time you download a file that has been patched with malware that does it.

 

I said earlier that, in my experience, about 90% of shared files are patched. The files I see are movies, music, and pirated programs (for the cracked software I'd say the odds of the file being patched are 99%). There are legitimate files shared legitimately using p2p clients. Those files are almost always clean and therefore I never see the results. All that being said, files are patched with literally thousands of different malwares. Some are infected with Trojan downloaders that "invite in" a wide variety of different malware that will be different each time the file is run. In 2013, McAfee detected over 250,000 different, unique ransomwares alone. There are many more out there today. There is no way to predict how often a user is going to download a file that is infected with malware that will do exactly what you are asking.

 

Just for the sake of discussion, let's say we limit our sample only to cracked programs. I'd say that 99% of those are patched. (In 2011, Immunet did a study and found that infection rate "far exceeded 90%".) Obviously, the chance of that particular manifestation of malware will be significantly less. I have no scientific evidence to support this, but based upon the number of people I see using p2p, and the frequency I see this type of a manifestation, I'd have to say that 1 in a million would be closer than 1 in a thousand. That doesn't change the fact that any infection rate is closer to one in one. I believe that it was Krebs on Security that did a study, probably 2012 or 2013, where they downloaded 100 files and came up with something around 450 different infections.


Thanks, I appreciate your insight. So you were saying that particular malware that changes share folder settings would be closer to 1 in a million than one in a thousand, in your opinion? Correct?


correct

 

Remember that there are several million downloads every day.

Edited by Tomk_


But when it's BitTorrent, like the new FrostWire, I hear it's not likely to get malware because it's coming from many different sources instead of just one downloading source.


Likely correct, but just saying Yamaha, use torrent files at your own risk. There are no 100% guarantees.

 

 

 

 

:geezer:


I don't use them no more. I haven't used it since 2010, since it shut down. I just read that article by Tiversa and wondered how likely that particular malware of it changing your save folder with personal files happened. They made it sound like it was common, and no one really has even heard of it. I'm thinking they are a little windy with their exaggerations.


But when it's BitTorrent, like the new FrostWire, I hear it's not likely to get malware because it's coming from many different sources instead of just one downloading source.

In my opinion, your reasoning is 100% wrong. Downloads coming from many different sources is exactly what p2p is. Therefore legitimate sources are nearly impossible to identify. When programs are downloaded from the author's site... you can be fairly certain that it is clean because the author can verify it, as it is only available from the one, relatively secure site.

 

As a side note, some ISPs (mine happens to be one of them) will lock your account if they find you running p2p clients. Anyone choosing to participate in this extremely risky behavior should check their ISP's TOU. Will the ISP catch everyone? No. But do you want to be the one they do catch?


Well, I figured since it came from many sources that malware couldn't attach to just little pieces.


Well, I figured since it came from many sources that malware couldn't attach to just little pieces.

 

I'm not sure you 100% understand how P2P works. The original file comes from one source and not 'many sources'.

 

The whole point of torrent files is that they are broken down into 'chunks' and then shared. If the original file has the malware patched into it all that happens is that it gets broken down into the torrent chunks and shared across the peer network.

 

What you can't do is add some malware yourself to one of your chunks and push it back out to the swarm; this changes the MD5 tags for the original.

 

As for scripting some malware to move / copy files from one location to another, that's fairly straightforward and, as Tom pointed out, it's just a matter of permissions on individual folders, or if you want to be really clever, you could change the permissions to share the root access to a whole drive.

 

TBH, torrent files are a pretty inefficient way to spread malware; things like FBI and CryptoLocker viruses / malware spread fast because they infect high traffic websites and vulnerabilities in browsers and Flash etc.; something nearly every one of the 3 billion PC users out there has.

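The piece-hash point from the post above, as an added example that is not part of the original thread: every downloaded piece is checked against a hash published when the torrent was created, so a peer cannot alter a single piece, but a file that was patched before seeding verifies cleanly. It uses SHA-1 (the per-piece hash in BitTorrent v1 metainfo) on constructed sample bytes; the function names and the comparison against an author-published SHA-256 are illustrative assumptions.

```python
import hashlib

PIECE_LEN = 16  # constructed toy size; real torrents use far larger pieces


def split_pieces(data, piece_len=PIECE_LEN):
    return [data[i:i + piece_len] for i in range(0, len(data), piece_len)]


def piece_hashes(data):
    """Published by whoever creates the torrent: one SHA-1 digest per piece."""
    return [hashlib.sha1(p).digest() for p in split_pieces(data)]


def check_pieces(received, published):
    """Downloader side: indexes of pieces whose hash does not match."""
    return [i for i, p in enumerate(received)
            if hashlib.sha1(p).digest() != published[i]]


def matches_vendor(data, vendor_sha256):
    """Separate check against a digest obtained from the author's own site."""
    return hashlib.sha256(data).hexdigest() == vendor_sha256


# Constructed sample data, not real software.
CLEAN = b"INSTALLER-v1.0::" * 4            # what the author released
PATCHED = CLEAN + b"::EXTRA-PAYLOAD:"      # altered before the torrent was made
VENDOR_SHA256 = hashlib.sha256(CLEAN).hexdigest()


def peer_tampers_one_piece():
    """A peer alters piece 2 of a clean torrent: that piece is rejected."""
    published = piece_hashes(CLEAN)
    received = split_pieces(CLEAN)
    received[2] = b"X" * PIECE_LEN
    return check_pieces(received, published)


def seeder_patched_original():
    """Patched before seeding: every piece verifies, yet the assembled
    file is not the author's release."""
    published = piece_hashes(PATCHED)
    received = split_pieces(PATCHED)
    return check_pieces(received, published), matches_vendor(b"".join(received), VENDOR_SHA256)


if __name__ == "__main__":
    print(peer_tampers_one_piece(), seeder_patched_original())
```

Piece hashes only prove the download matches what the torrent's creator published; checking the result against a digest from the author's site is what ties it to the genuine release.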
