Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Infecting the KaZaA network?
From: the Pull <osioniusx () yahoo com>
Date: Wed, 6 Feb 2002 21:44:21 -0800 (PST)

It is standard in p2p software that uses distributed
downloading to use cryptographic hashes (Swarmcast,
bittorrent, MojoNation, etc)... largely to prevent
such things.

I don't see any mention of "hash" on their site:

http://www.google.com/search?q=site:www.kazaa.com+hash&hl=en

But, it would be ludicrous if they didn't.



--- Andrew McClymont <andrewmcclymont () d-link net>
wrote:
I just found out a folder named "My shared folder"
under the KaZaA
installation folder.

Inside "My shared folder" there were various KaZaA
installshield
packages (exe files).

Now, the people at FastTrack promotes their engine
as a distributed way
to send files to end users. This is seen whe you
download KaZaA, you get
a little exe (500 k) that downloads the full KaZaA
client from one of
its users, I would guess, from the "My shared
folder".

What happens if I infect the files under "My shared
folder" with a virii
or some trojan, every user that gets their KaZaA
client from my computer
gets screwed, right?  And then, the victim himself
will be sharing the
KaZaA client infected to new victims.

Just wondering... Have a nice day!!
-Andrew McClymont



__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault