In recent years, more than 200 viruses have been reported to use a peer-to-peer (P2P) file-sharing network as a propagation vector. Disguised as files that are frequently exchanged over P2P networks, these malicious programs infect the user's host if downloaded and opened, leaving their copies in the user's sharing folder for further propagation. Using a light-weight crawler built for the KaZaA file-sharing network, we study the prevalence of malware in this popular P2P network, the malware's propagation behavior in the P2P network environment and the characteristics of infected hosts. We gathered information about more than 500,000 files returned by the KaZaA network in response to 24 common query strings. With 364 signatures of known malicious programs, we found that over 15% of the crawled files were infected by 52 different viruses. Many of the malicious programs that we find active in the KaZaA P2P network open a backdoor through which an attacker can remotely control the compromised machine, send spam, or steal a user's confidential information. The assertion that these hosts were used to send spam was supported by the fact that over 70% of infected hosts were listed on DNS-based spam black-lists. Our measurement method is efficient: it enables us to investigate more than 30,000 files in an hour, identifying infected hosts without directly accessing their file system.