Peer-to-peer networks create easy pathways to sharing files and information over the Internet, but many participants may be sharing something they didn’t intend to, with someone they don’t want to be associated with.
Blue Security, an anti-malware startup in Israel, has found that spammers are harvesting e-mail addresses accessed through P2P networks such as Gnutella and eDonkey.
The company said it found hundreds of cases in which P2P users left open access to their entire hard drives instead of just the files they wanted to share. Spammers can then search for e-mail addresses and other contact information stored in Microsoft Outlook or Outlook Express.
The problem is a serious one, one security analyst told TechNewsWorld.
“I do think this is a pervasive problem, but not necessarily because a large number of people are sharing their address-books on P2P networks,” SecurityCurve President Ed Moyle said. “The issue is the broad and rapid dissemination of these addresses among the spamming community once they are located. In other words, once one spammer has your address, it’s only a matter of time before they all do.”
Blue Security also found — “in large quantities” — text, Word and Excel files containing e-mail addresses and mailing lists through P2P networks simply by searching for files containing words such as “e-mail” and “addresses” in their names.
Spam Piles Up
The company’s researchers also tested how quickly spammers get their hands on the information and found that, within three days, each piece of accessible personal information was downloaded about 25 times. The accessible e-mail addresses received 700 spam messages from six different spammers in that time.
“As users, it seems obvious that posting our e-mail address on a publicly accessible Web page is likely to lead to increased spamming activity,” Moyle said. “However, the problem associated with P2P harvesting isn’t obvious, since we don’t even have to run P2P software for our e-mail address to be disclosed. If our e-mail address winds up in a friend or colleague’s address book for example, we could find ourselves subject to spamming.”
Blue Security plans to launch a beta of its anti-harvesting technology later this year. It is based on the concept of a “Do Not Disturb” registry.