P2P threats living up to predictions
Late last year, we polled a number of information security experts on what emerging threats would turn into true risks in 2008.Two of them mentioned information peer-to-peer channels. So far, so good.
It appears cybercriminals are setting up shop in the murky waters of P2P networks.
Last week, we wrote about a huge outbreak of malware detected by McAfee researchers in which malicious P2P files - claiming to be songs or videos - actually directed users to a malware-laden website. Then this week, we learned of a scam in which cybercrooks offered allegedly free downloads for "Grand Theft Auto IV" across P2P networks. However, the file was actually a trojan.
P2P networks are turning into a viable attack vector, as many users tend to trust what they see over these channels.
Users should be wary of clicking on .exe files and should always make sure they run anti-virus against whatever they download. On the other side of the coin, P2P networks - as this type of attack continues to grow in prevalence - need to do more to protect their users. So far, according to one professor we spoke to last week, P2P providers such as LimeWire do very little in the way of filtering or malware checks.
I'd ask LimeWire what they do, or plan to do, to safeguard against criminals using their networks to perpetrate these crimes, but my company - as many do - blocks access to file-sharing websites.
Minaxi Gupta, an assistant computer science professor at Indiana University, and a team of grad students are about to release some recommendations of what P2P providers must do to reign this problem in. Among them, she said, will be to add heuristics to detect malicious files.
Should be an interesting paper to read.
