The Revoluti0n

Strange Article - A New Age: p2p.worm by Slage Hammer

Until a few months ago, everyone was mainly worried about i-worms.
For those who don't know what they are, i-worm is the generic name for
the family of worms that spread through the Internet. I-worm = Internet worm.

Just to recall some of the most famous ones, we can mention
Melissa (macro virus), Zipped_files (Delphi), I-love_you (VBS),
and so on up to the most recent one still ITW (in the wild),
i-worm.klez.h (MS Visual C++).

Well, for a few weeks, or at least a month and a half, a new threat has been appearing:
the p2p worms.
The first one ever known was the mandragore.gnutella worm.
You can read a description of it here: http://www.viruslist.com/eng/viruslist.html?id=4161

The first thought is: what will happen to AV sites like messagelabs
(http://www.messagelabs.com/viruseye/) that are 100% oriented
to showing customers that they intercept every possible i-worm, known or unknown?
Well, I think they will stay alive, but day after day,
until maybe a new worldwide i-worm infection, they will lose attention from customers
(this is not such a problem) but from the media whores too, and this is
a bigger problem for every company, AV or not AV.

I believe that almost everyone who has a PC has tried software like Kazaa,
Morpheus, or the first one in this family, Napster;
right now there is a huge variety of p2p software,
more than 50 different ones are around for public or private networks.

The main reason such software is so common,
for home users as well as professional users, is the very easy way to download
and share mp3 files, and every other kind of file too.
From my point of view the p2p networks are a new land,
where everyone can find everything while staying anonymous:
the new version of what the anonymous newsgroup servers were
until a year ago, when, after the Hybris worldwide infection, they were purged.

Now, what is a p2p.worm and what is the main difference from a worm.win32?
The main difference is that to spread, a p2p.worm needs the user to download it and run it;
without being run (executed) a p2p.worm cannot spread,
while a worm.win32 spreads by itself, looking for network shared drives and/or folders,
e-mail and so on.

At the time of writing we know several p2p.worms: Sytro, Duload,
Walrain, Supernova, Bare, just to name some,
and the number will surely rise, because almost every day a new one appears;
if not a brand new one, then a variant (sometimes a copycat) of an already known one.

The funny thing about p2p.worms is that they spread using very funny
and appealing names: famous game cracks, some porn references
("i like tits", for example), emulator software, keygens and others.
So users searching p2p networks can easily be tricked by the names,
download what they believe is real software, execute it, and get infected.
So it's very easy:

1) search in a p2p network
2) download the selected file (thinking it is a real crack,
or a porn screen saver, for example) and execute it.

Right now corporations are taking precautions against p2p networks, such as
not networking the PCs that are used for p2p networks,
removing the software from servers/workstations
if the user is not really expert, and so on.

The only real protection against p2p worms is to have installed
an up-to-date resident anti-virus able to scan compressed files,
like UPX (the most common packer used to limit the size of .exe files),
and able to block the execution of the infected/suspicious file
that the unwary user downloads. But believe me, only 1/5000 customers
have this, and even those who have all that sometimes prefer to disable
the AV to avoid problems with the network sysadmin.
So p2p.worms are a new age.
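As an added example, not code from the original article, here is a small Python scanner written from the defender's side of the paragraph above: it walks a download or shared folder, flags executables whose names look like the lures the article lists (cracks, keygens, emulators, porn references, screen savers), and checks whether each PE file is UPX-packed by parsing its section table instead of trusting the extension. The keyword list, the scoring, the `assess_file`/`scan_folder` names and the fake PE builder used for the offline demonstration are my own constructions; the `UPX0`/`UPX1` section names and the `UPX!` marker are what the real UPX packer writes into a packed executable.

```python
import os
import re
import struct

# Constructed keyword list for this example, built from the lure categories
# the article names: game cracks, keygens, emulators, porn, screen savers.
LURE_WORDS = re.compile(r"crack|keygen|emulator|porn|xxx|screen ?saver", re.IGNORECASE)

# Extensions Windows will execute directly when the user double-clicks them.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}


def pe_section_names(data: bytes) -> list:
    """Parse the PE headers and return the section names, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                      # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # section table start
    names = []
    for i in range(num_sections):
        off = table + i * 40                                 # 40 bytes per section
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """UPX names its sections UPX0/UPX1 and writes a 'UPX!' marker after them."""
    if any(n.startswith("UPX") for n in pe_section_names(data)):
        return True
    return b"UPX!" in data


def assess_file(name: str, data: bytes) -> dict:
    """Score one file: executable, lure-like name, packed. Higher = more suspect."""
    reasons = []
    if os.path.splitext(name)[1].lower() in EXEC_EXTS:
        reasons.append("executable")
        if LURE_WORDS.search(name):
            reasons.append("lure-name")
        if is_upx_packed(data):
            reasons.append("upx-packed")
    return {"name": name, "score": len(reasons), "reasons": reasons}


def scan_folder(path: str, min_score: int = 2) -> list:
    """Walk a download/shared folder and return the files worth quarantining."""
    hits = []
    for root, _dirs, files in os.walk(path):
        for fname in files:
            full = os.path.join(root, fname)
            with open(full, "rb") as fh:
                result = assess_file(fname, fh.read(1 << 20))  # headers sit in the first MiB
            if result["score"] >= min_score:
                result["path"] = full
                hits.append(result)
    return hits


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE skeleton (headers only, no code) for offline testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, opt hdr size=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    # Constructed samples: a packed "crack", a plain installer, and a text file.
    samples = {
        "game_crack.exe": build_fake_pe([b"UPX0", b"UPX1", b".rsrc"]),
        "setup.exe": build_fake_pe([b".text", b".data"]),
        "readme.txt": b"just text",
    }
    for fname, blob in samples.items():
        print(assess_file(fname, blob))
    if len(sys.argv) > 1:                       # optional: scan a real folder
        for hit in scan_folder(sys.argv[1]):
            print(hit["score"], hit["path"], hit["reasons"])
```

Run it with a folder path to list the executables that are both lure-named and packed; the score threshold is deliberately loose, since packing alone is common in legitimate software and a name alone proves nothing, and the point is to triage what an up-to-date AV should then scan or block.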

Getting back for a second to i-worm stuff: every corporation right now,
having learned from the older worldwide infections,
has one or maybe more than one gateway
to protect its network against i-worm infections, so every day
it is getting harder for an i-worm coder to write a new piece of code
able to trick gateways, firewalls, second-level AV and so on.
But of course this doesn't mean that it is impossible;
I'm sure that at this moment, in some part of the world,
someone is spending hours coding something new.

But what is getting very hard for an i-worm coder
is pretty easy for a p2p coder.