BitTorrent as the next big thing in Spyware/Adware distribution?

Created by Kyle Johnson (Guilford College) on June 15, 2005

Well, this actually took longer than I thought.  BitTorrent seems to be gearing up to be the next big thing for Spyware/Adware distribution.  I don't know that I like eWeek's rather sensationalist title of "Spyware Floods in Through BitTorrent" but the points are well made.

All of the good things about BitTorrent (fast distribution, relative anonymity, very little bandwidth usage for owner of the file) are all the same things that make it attractive to Spyware/Adware folks.  Shoot, now they don't even have to pay for that much bandwidth.  I must admit, there is a little part of me who wonders when I'm downloading the latest BitTorrent of something like Systm (which is perfectly legal, and yes, I am spelling it right) if I'm actually getting Systm or just something someone claims is Systm.  I've gotten in the habit of trying to find torrent files that use the same naming convention every time, as those tend to be from the same person.

Ultimately, there is still some amount of social engineering required for the final install, but if years of Internet Explorer and Outlook as virus vectors have shown us, that is a very low wall to hurdle.  I hate to see good technology used this way, but maybe that's a good reason to use more private torrent files...

Submitted by Alan Wolf (University of Wisconsin-Madison) on June 15, 2005 - 2:42pm.
Obtain and check the checksum from a valid source. Assuming you trust the original source, you can be sure that it is what the original file producer intended to be distributed. If you are working with installers you should do this just to be sure the installer is complete and uncorrupted, as well as to minimize the problems that you are concerned with.
Submitted by Kyle Johnson (Guilford College) on June 15, 2005 - 10:28pm.
Alan, that is a good idea, but I think you'll agree that is beyond the scope of most normal users. If someone is going to fall for the standard social engineering attacks, they'll never even know how to do checksums. Now if that was built in to the BitTorrent client, then maybe. But what if I *intended* to distribute Spyware/Adware and *call* the file something else to get people to download it?
Submitted by Alan Wolf (University of Wisconsin-Madison) on June 16, 2005 - 4:50am.
Actually checking file integrity is integral to the process for a number of reasons. I grew up in the era (epoch) of FTP distribution so I do checksums out of habit.

Bittorrent is no worse than going to a vendor site and downloading a file that might contain spyware. If I go to a vendor site and they provide a torrent and seed, it is exactly the same. I was trying to describe why this could happen, but this is a better written description.

http://www.joestewart.org/p2p.html#SECTION00024000000000000000

Summary is that if the torrent file is valid, a bad actor can't put a bad file into the torrent swarm just by putting a file with the same name in his/her torrent folder (like could be done with other P2P apps). Bittorrent checks the file against the torrent file and the tracker. If the torrent and the seed are compromised, you are right it could be compromised (e.g. http://news.zdnet.com/2100-1009_22-5730254.html). If you trust the source of the torrent file by whatever criteria you choose to base this trust, bittorrent is a great way to distribute the bandwidth load for large files rather than a single site taking a huge hit.
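
Added example (not part of the original post or comments): a minimal check of a downloaded payload against the per-piece SHA-1 hashes stored in a single-file BitTorrent v1 metainfo file, which is the integrity check discussed in this thread. The file name, piece size and payload bytes are constructed sample data, and `bdecode`, `bad_pieces` and `make_torrent` are hypothetical helper names. It covers both points raised above: a same-name substitute fails against a valid torrent, while a torrent built over an unwanted payload verifies cleanly.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value starting at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"d":  # dictionary: keys and values alternate
            return dict(zip(items[0::2], items[1::2])), i + 1
        return items, i + 1
    colon = data.index(b":", i)  # byte string: <length>:<bytes>
    end = colon + 1 + int(data[i:colon])
    return data[colon + 1:end], end

def bad_pieces(torrent_bytes, payload):
    """Return indexes of pieces whose SHA-1 differs from the metainfo (single-file torrent)."""
    info = bdecode(torrent_bytes)[0][b"info"]
    size, hashes = info[b"piece length"], info[b"pieces"]
    expected = [hashes[k:k + 20] for k in range(0, len(hashes), 20)]
    if len(payload) != info[b"length"]:
        return list(range(len(expected)))  # wrong total size: reject every piece
    return [n for n, want in enumerate(expected)
            if hashlib.sha1(payload[n * size:(n + 1) * size]).digest() != want]

def make_torrent(name, payload, size):
    """Build a minimal single-file metainfo (constructed sample, not a real torrent)."""
    pieces = b"".join(hashlib.sha1(payload[k:k + size]).digest()
                      for k in range(0, len(payload), size))
    info = (b"d6:lengthi%de4:name%d:%s12:piece lengthi%de6:pieces%d:%se"
            % (len(payload), len(name), name, size, len(pieces), pieces))
    return b"d4:info" + info + b"e"

# Constructed sample data: 80 bytes split into five 16-byte pieces.
GOOD = b"".join(bytes([n]) * 16 for n in range(5))
TORRENT = make_torrent(b"episode.mov", GOOD, 16)      # torrent from the trusted publisher
SWAPPED = GOOD[:32] + b"X" * 16 + GOOD[48:]           # same name and size, piece 2 altered
RELABELED = make_torrent(b"episode.mov", SWAPPED, 16)  # torrent built over the altered file

if __name__ == "__main__":
    print(bad_pieces(TORRENT, GOOD))       # [] : payload matches the trusted torrent
    print(bad_pieces(TORRENT, SWAPPED))    # [2] : same-name substitute is caught
    print(bad_pieces(RELABELED, SWAPPED))  # [] : hashes only bind payload to that torrent
```

The third result is why the source of the torrent file itself has to be trusted: the piece hashes prove the payload matches the metainfo, not that the metainfo describes what its name claims.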




Submitted by Alan Wolf (University of Wisconsin-Madison) on June 16, 2005 - 4:54am.
I should have explained my link from ZDnet. It is not an example of a compromised seed or torrent file; it is an example of a large reputable company that was hacked and, if they were distributing torrents, would be a trusted source. ...Submit in haste, repent in leisure.
Submitted by Alan Wolf (University of Wisconsin-Madison) on June 16, 2005 - 4:59am.
You should also look at http://osprey.ibiblio.org, which is exploring the use of bittorrent for content distribution.

 
© Copyright 1999-2009 EDUCAUSE