Skip to main content
Article thumbnail
Location of Repository

Malware Prevalence in the KaZaA File-Sharing Network Seungwon Shin ETRI

By Daejeon Korea, Jaeyeon Jung and Hari Balakrishnan

Abstract

In recent years, more than 200 viruses have been reported to use a peer-to-peer (P2P) file-sharing network as a propagation vector. Disguised as files that are frequently exchanged over P2P networks, these malicious programs infect the user’s host if downloaded and opened, leaving their copies in the user’s sharing folder for further propagation. Using a light-weight crawler built for the KaZaA file-sharing network, we study the prevalence of malware in this popular P2P network, the malware’s propagation behavior in the P2P network environment and the characteristics of infected hosts. We gathered information about more than 500,000 files returned by the KaZaA network in response to 24 common query strings. With 364 signatures of known malicious programs, we found that over 15 % of the crawled files were infected by 52 different viruses. Many of the malicious programs that we find active in the KaZaA P2P network open a backdoor through which an attacker can remotely control the compromised machine, send spam, or steal a user’s confidential information. The assertion that these hosts were used to send spam was supported by the fact that over 70 % of infected hosts were listed on DNS-based spam black-lists. Our measurement method is efficient: it enables us to investigate more than 30,000 files in an hour, identifying infected hosts without directly accessing their file system

Topics: Categories and Subject Descriptors C.2.0 [COMPUTER-COMMUNICATION NETWORKS, General Keywords Peer-to-peer, KaZaA, Virus Prevalence General Terms Measurement, Security
Year: 2014
OAI identifier: oai:CiteSeerX.psu:10.1.1.415.8111
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://iris.csail.mit.edu/iris... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.