Another reason for renaming files is effectively the presence of fake files, whose names are returned matching exactly the query, but whose content is advertizing for some porn sites.
These files are easy to detect: lots of people share them without verifying the content, and so these files have unusually high number of sources (100 or more, matching the same SHA1 signature).
This affects mostly small video files (around 3 to 5 MB), but I have seen recently some fake Windows Media Audio files, that contain automatic links to these porn sites.
May be we should think about creating a distributed database of files identified by their SHA1 or URN with such deceptive unrelated contents.
For now one of the surest ways to detect fake files is that their name match exactly the query string: in LimeWire, query strings that are sent are formatted in lowercase, with no punctuation, and single separation spaces, and no common short keyword like "a" or "on" or "is". A query hit without significant meta-data and no verbose description, and a size below 5MB, and lots of sources (more than 30) is almost always a fake deceptive file. |