Seungwon Shin, Jaeyeon Jung, Hari Balakrishnan
Internet Measurement Conference (IMC), Rio de Janeiro, Brazil, October 2006
In recent years, more than 200 viruses have been
reported to use a peer-to-peer (P2P) file-sharing network as
a propagation vector. Disguised as files that are frequently
exchanged over P2P networks, these malicious
programs infect the user's host if downloaded and opened,
leaving their copies in the user's sharing folder for further
propagation. Using a light-weight crawler built for the KaZaA
file-sharing network, we study the prevalence of malware
in this popular P2P network, the malware's propagation
behavior in the P2P network environment and the
characteristics of infected hosts. We gathered information
about more than 500,000 files returned by the KaZaA network
in response to 24 common query strings. With 364 signatures
of known malicious programs, we found that over 15% of the
crawled files were infected by 52 different viruses. Many of
the malicious programs that we find active in the KaZaA P2P
network open a backdoor through which an attacker can remotely control
the compromised machine, send spam, or steal a user's confidential information.
The assertion that these hosts were used to send spam was
supported by the fact that over 70% of infected
hosts were listed on DNS-based spam black-lists.
Our measurement method is efficient: it enables us to
investigate more than 30,000 files in an hour, identifying
infected hosts without directly accessing their file system.
[PDF (127KB)]
Bibtex Entry:
@inproceedings{shin2006malware,
  author = "Seungwon Shin and Jaeyeon Jung and Hari Balakrishnan",
  title = "{Malware Prevalence in the KaZaA File-Sharing Network}",
  booktitle = {Internet Measurement Conference (IMC)},
  year = {2006},
  month = {October},
  address = {Rio de Janeiro, Brazil}
}