Streamerp2p Forum

P2P file sharing networks like Kazaa are becoming targets for malicious code. Heres the link to the Wired article.

http://www.wired.com/news/business/0,13 ... _tophead_6

Kazaa, full of virii?. Never would have guesed that . Sounds like a planted news story.

Kazaa is being attacked by RIAA hackers at the moment, who have found a fairly good way to poison a large percentage of downloads. If you get a file with a loud screetiching noise in it, you have been hit.

It works like this (a guess...). RIAA run some hacked supernodes, they gather song names and file hashes from users logging on. They also run some non-supernode hacked clients. These hacked clients report that they are sharing all the files for which the supernodes have hashes (and to which they own the copyright, possibly...). The hacked clients do not have to be connected to a hacked supernode, although if they are then they can 'share' every single file the supernode knows about. A victim tries to download a file, the multisource downloading finds several sources, a hacked client is one of them. The hacked client uploads a bit of crud to the victim. It only has to upload a bit of data because that will spoil the whole download, and it then probably disconnects so it can poison the download of another victim.
I tested the theory by downloading a file twice, and comparing them. They where different, so it is probably not being done by sharing actual corrupt files. This method doesn't need any files at all to share, that's how it can target probably hunderds of thousands of files from a single hacked client.

Simple and effective, given that crappo kazaa doesn't have any corrupt download verification system.

The 'fix' is to set the numebr of sources per download to one. That way you either get a whole good file from one user, or only crud from the hacked client. The hacked client cannot insert a bit of crud into an otherwise OK file. kazaa-lite can set max sources per file, dunno if the official kazaa spyware-trojan can.

Interesting to see if this method is also corrupting downloads of files that the artists are allowing to be shared on p2p. I guess the RIAA are being carefull enough to at least try and not do this, because it could bring legal action against them that could succeed. On the otherhand, they could just deny responsibility. I wonder if anyone is tracking the IP's of hacked supernodes and clients yet, it is easy to do.

It's probably not breaking the DMCA because kazaa traffic is not encrypted. It is breaking kazaa's EULA, but I don't think the RIAA care about that I bet. They only 'play fair' when they know they are being watched.

Actually, thinking about it...
I I was the RIAA, and I wanted to stuff kazaa, I'd write a worm!.
It would infect kazaa, make it report it had many more files than it really had, and make it upload crud when those files are requested. And in the display show the uploads as being other files that the user actually had of course. Nicely unattributable too. I'd bet actual real $$$ that this is what is happening.

it sounds like pretty nasty stuff they're doing.

And you're right. They only play fair when it suits them.

I can't seem to find the link to a forum which listed a ton of bad IP addresses, many of them apparently connected to Ri*aa, anyway I do remember that that forum brought me to PeerGuardian, which I guess is an effort to try to track hacked supernodes and clients. I haven't tried it yet anyway..