Peer-to-peer networks have been a boon for people who like free music and software. But swappers may find themselves...
downloading a worm or virus instead of the latest version of some video game.
So far, there have been few pure peer-to-peer worms. More commonly, mass mailing worms also have a peer-to-peer component. Often, the worm spreads more via e-mail, thus obscuring the fact that it can also spread via peer-to-peer networks.
Cone-E, which surfaced this week, is such a worm. It spreads primarily via e-mail but when it infects systems the worm creates copies of itself with different file names. Those files, with names such as "401 guitar tabs.chm," "adult check passwords.chm" or "Credit card numbers.chm," can be accessed by users of the Kazaa peer-to-peer network.
Or earlier this month, mass mailer Bagle-Q looked for folders with "shar" in the name and then copied itself to it using a variety of enticing names. For example, it could appear as "Adobe Photoshop 9 full.exe," "Matrix 3 Revolution English Subtitles.exe" or "Windows Sourcecode update.doc.exe."
Convincing social engineering is needed for worms to spread via peer-to-peer networks because there are no known exploits that would allow the worm to execute automatically, said Patrick Hinojosa, chief technology officer at Panda Software. "The social engineering is needed to exploit the human vulnerability."
Protecting against peer-to-peer works isn't that difficult. Blocking the software in the first place is the surest bet. A properly configured firewall that only allows specifically approved services in and out would do the trick, Hinojosa said.
If a company wants or has to allow peer-to-peer exchanges, then memory-resident antivirus software should be installed on desktops. Such protection would mean any downloaded file is scanned before it's executed.
The danger posed by peer-to-peer sharing highlights the need for multiple layers of protection. For example, many companies have gateway scanners, which are helpful because they stop worms before they hit the network and therefore save bandwidth, said Carole Theriault, security consultant at Sophos. However, such scanners don't protect against worms that spread via peer-to-peer networks.
"Antivirus protection at the desktop is paramount," Theriault said. "Worms can travel by so many ways including instant messages, peer-to-peer networks and even downloads from Web sites."