P2P / File Sharing: May 2006 Archives

For the enterprise, downloading and using free consumer IM clients and P2P file sharing applications can invite viruses, worms and other security risks. Businesses must understand the challenges to their organization and whether they are at risk of non-compliance with policies or regulations, intellectual property loss or worse.

Thankfully, you don't have to give up IM to protect your enterprise. In this eSeminar, learn how Microsoft Office Live Communications Server 2005 enables real-time communications. With proper management, it improves business efficiencies and increases productivity. Many leading organizations are already benefiting from this flexible enterprise IM solution.

Find out how companies are maximizing the value of their Live Communications Server investments with FaceTime Enterprise Edition. With FaceTime, you can stop rogue public IM use, detect and block applications like Skype 2.0 and ensure full compliance with state and federal regulations.

Join Marc Sanders from Microsoft and Eric Young from FaceTime as they explore:

- Pros and cons of enterprise-grade vs. free IM
- Transitioning from multiple public IM clients and P2P applications to a safe, secure, collaboration environment
- An example of how two companies have fully leveraged IM with FaceTime and Live Communications Server

The eSeminar is free; click here to register.

Implementing Safe, Secure Enterprise-Grade IM
June 1, 2006 @ 12:30 p.m. Eastern/9:30 a.m. Pacific
Duration: 45 minutes

The Peer to Peer (P2P) client eMule, quite popular for file sharing and I'm sure illegal downloads (although I would never do that!), has kicked back with a fun, new P2P bot running around on its network. Normally I wouldn't get that interested in a boring old SPIM bot, but this one had an interesting twist that grabbed my interest and forced me to crack open the toolbox. As I was minding my own business one day, merrily downloading a set of unnamed files on eMule, I couldn't help but notice I had two new messages.

http://blog.spywareguide.com/upload/2006/05/ScreenHunter_1-thumb.jpg


Normally this would not be interesting. However, eMule supposedly has URL filtering capabilities for comments in the form of a handy-dandy pattern matcher.

http://blog.spywareguide.com/upload/2006/05/eMuleURLFilter-thumb.jpg


So as you can see, this would normally filter out all http, https, and www; but lo and behold, in this case it isn't using any of these. This particular little bot is sending across FTP and it is showing up clear as day in my eMule client. Now they have my attention, and no, it's not from the catchy phrase "women in your town, blah blah". So obviously I fire up the trusty ole' copy of Ethereal and start sniffin'! Let's take a look at what we get.

http://blog.spywareguide.com/upload/2006/05/ftp_net_trace-thumb.jpg

There's our nice little FTP stream and as we can see from the trace we end up with the file list.html. Looks harmless enough, but what is actually in this list.html and what happens when the browser decides to render this little goodie?

http://blog.spywareguide.com/upload/2006/05/list-thumb.jpg

Hey! Surprisingly looks like valid HTML and wouldn't you know- it is! For the added "lemon twist" it uses a fun little META tag to refresh that page and send you off to have fun tonight- and maybe even wang chung tonight if you're really lucky.

So what does all this mean to the everyday user?

Don't click on links. These guys are tricky little devils, but really not that tricky if you are really alert.

That is a lot of work for a simple little redirect just because eMule tries to filter comments that contain URLs.

Let's recap.....

1) They've written their eMule bot
2) Set up an FTP server
3) Written their crafty little HTML pages, and probably collected not more than a few cents with adult content.

Well worth wasting a fine Saturday afternoon for- not!
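The filter gap and the redirect described above can be reproduced in a few lines. This is an added example, not eMule's code or anything from the original post: the denylist is an assumption modeled on the three patterns the post names, and the sample comment, host names and HTML are constructed.

```python
import re
from html.parser import HTMLParser

# Assumption: substring denylist modeled on the three patterns the post names.
DENYLIST = ("http://", "https://", "www.")

# Any RFC 3986 scheme followed by "://", or a bare "www." host.
ANY_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://|\bwww\.", re.IGNORECASE)


def denylist_blocks(comment: str) -> bool:
    """Filter as described in the post: block only the listed prefixes."""
    lowered = comment.lower()
    return any(p in lowered for p in DENYLIST)


def scheme_blocks(comment: str) -> bool:
    """Hardened filter: block any scheme://, not just the web ones."""
    return ANY_URL.search(comment) is not None


class MetaRefreshFinder(HTMLParser):
    """Collects redirect targets from <meta http-equiv="refresh"> tags."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://..."; the url part is optional
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())


def refresh_targets(html: str) -> list:
    """Return every meta-refresh destination found in an HTML document."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    return finder.targets


# Constructed samples (not taken from the post's capture).
SPAM = "women in your town ftp://files.example.invalid/list.html"
PAGE = '<html><head><meta http-equiv="refresh" content="0; url=http://ads.example.invalid/"></head></html>'

if __name__ == "__main__":
    print(denylist_blocks(SPAM), scheme_blocks(SPAM), refresh_targets(PAGE))
```

The denylist lets the FTP comment through while the scheme-based pattern catches it, and the parser surfaces where a fetched page would redirect before a browser ever renders it.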

About this Archive

This page is an archive of entries in the P2P / File Sharing category from May 2006.
