Peer-to-peer (P2P) networks continue to be a popular means of trading content. However, very little protection is in place to make sure that the files exchanged in these networks are not malicious, making them an ideal medium for spreading malware. We instrument two different open-source P2P networks, Limewire and OpenFT, to examine the prevalence of malware in P2P networks. Our results from over a month of data show that 68% of all downloadable responses in Limewire containing archives and executables contain malware. The corresponding number for OpenFT is 3%. Also, most infections are from a very small number of distinct malware. In particular, in Limewire, the top three most prevalent malware account for 99% of all the malicious responses. The corresponding number for OpenFT is 75%. We also investigate the sources of malicious responses. To our surprise, 28% of all malicious responses in Limewire come from private address ranges. In OpenFT, the top virus, which accounts for 67% of all the malicious responses, is served by a single host. Further, our study provides a useful insight into filtering malware: filtering downloads based on the most commonly seen sizes of the most popular malware could block a large portion of malicious files with a very low rate of false positives. While current Limewire mechanisms detect only about 6% of malware-containing responses, our size-based filtering would detect over 99% of them.
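The size-based filtering idea from the abstract can be sketched as follows. This is an added example, not code or data from the study: the responses, family names, sizes and addresses are constructed, the function names are hypothetical, and "private address ranges" is assumed to mean the RFC 1918 blocks.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed responses: (size in bytes, source IP, malware family or None if clean).
# Family names, sizes and addresses are invented; they are not data from the study.
TRAIN = [
    (184_320, "10.0.0.5", "worm.a"), (184_320, "198.51.100.7", "worm.a"),
    (184_320, "192.168.1.9", "worm.a"), (92_672, "203.0.113.4", "trojan.b"),
    (92_672, "203.0.113.4", "trojan.b"), (92_800, "203.0.113.8", "trojan.b"),
    (51_200, "198.51.100.20", "rare.c"), (733_184, "203.0.113.77", None),
]
TEST = [
    (184_320, "172.16.4.2", "worm.a"), (92_672, "203.0.113.4", "trojan.b"),
    (184_320, "198.51.100.30", "worm.a"), (60_000, "198.51.100.31", "rare.c"),
    (184_320, "198.51.100.40", None),  # clean file colliding with a blocked size
] + [(1_000_000 + i, "203.0.113.90", None) for i in range(9)]

# Assumption: "private address ranges" is taken to mean the RFC 1918 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_blocklist(responses, top_families=2, sizes_per_family=1):
    """Most common sizes of the most prevalent malware families."""
    by_family = defaultdict(Counter)
    for size, _ip, family in responses:
        if family is not None:
            by_family[family][size] += 1
    ranked = sorted(by_family, key=lambda f: sum(by_family[f].values()),
                    reverse=True)
    return {size for fam in ranked[:top_families]
            for size, _n in by_family[fam].most_common(sizes_per_family)}

def evaluate(responses, blocklist):
    """Return (detection rate, false-positive rate) of the size filter."""
    malicious = [s for s, _ip, fam in responses if fam is not None]
    clean = [s for s, _ip, fam in responses if fam is None]
    detected = sum(s in blocklist for s in malicious)
    false_pos = sum(s in blocklist for s in clean)
    return detected / len(malicious), false_pos / len(clean)

def private_source_share(responses):
    """Fraction of malicious responses whose source is an RFC 1918 address."""
    ips = [ipaddress.ip_address(ip) for _s, ip, fam in responses if fam is not None]
    return sum(any(ip in net for net in RFC1918) for ip in ips) / len(ips)

if __name__ == "__main__":
    blocklist = build_blocklist(TRAIN)
    print(sorted(blocklist), evaluate(TEST, blocklist), private_source_share(TEST))
```

In the constructed test set the filter misses the rare family whose size was never in the top list and flags one clean file that happens to share a blocked size, the two error cases a size-only filter has to be measured against.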