A Forum place to Warn of the Infected?

[mstfyd]

How about a warning area, where those people who share infected files can be identified, by name, IP, file name, or any combination


Someone (69.113.125.235.6346) - I don't know who, but I had used the "browse host" function & the list of files shows a strong preference for dancehall - thoughtfully included W32.Alcra.A in the files.

From the symantec site: this is a worm that spreads through file-sharing networks, such as Kazaa, Ares, eMule, Morpheus, Grokster, Bearshare, Limewire eDonkey2000, Gnucleus, Shareaza, and Rapigator. The worm also drops a W32.Spybot.Worm variant into the compromised computer.The dropped W32.Spybot.Worm variant opens a back door that allows a remote attacker to have unauthorized access to the compromised computer. The description continues, mentioning, stealing passwords, information, connecting to remote servers, etc.

There have been Beagles, new trojans, malware, all sorts of nasties. File sharing is not for the faint of heart or those without very good updated antivirus/adware programs.

But even a month later, the same infected pgm is still up there, being shared! Accidents do happen, and even the most vigilant users/software can slip up. Having the infected hanging around here for so long increases the odds.

I find it really hard to believe that it's just some innocent user who has no idea his files are infected. Wouldn't his computer acting up haven given a clue? The fact that user/IP address/file are around for so long leads to the conclusion that it must be deliberate & malicious.

Does anyone have any thoughts on why having this kind of warning area might be a bad idea?

[ukbobboy01]

Mstfyd

Your idea was discussed in the recent past and, I believe, quite rightly rejected. I understand that you want the P2P network protected from what you identify as "people with malicious intent”, but innocently infected users could find themselves caught in the crossfire.

You say:

Quote:

I find it really hard to believe that it's just some innocent user who has no idea his files are infected.

I would reply; check a number of threads in this forum, look at the number of people who have been scammed, look at the numerous amounts of (silly) questions being asked, you will find that there are a lot of naïve people out there and, yes, it is quite possible for someone to be infected and not know it.

P2P forums are not in the game of naming and shaming, conducting any kind of “policing” action or starting (dodgy) moral crusades. P2P is about sharing files anonymously and that anonymity is more important to the P2P community than anything else.

However, you can get help and advice on the best protective methods, both hardware and/or software, that is currently available right here in this forum.

Nevertheless, it falls to you, the individual, to protect your PC to the best of your ability.



UK Bob

[mstfyd]

Quote:

Originally posted by ukbobboy01

I would reply; check a number of threads in this forum, look at the number of people who have been scammed, look at the numerous amounts of (silly) questions being asked, you will find that there are a lot of naïve people out there &, yes, it is quite possible for someone to be infected & not know it.UK Bob [/B]

hmmm...I am sometimes silly & often way too naive for my own good, so I see the point you are making. I don't like witch hunts, which is why I mentioned the time frame. Those who have some sort of protection on their system have the file purged, & it isn't passed on. However, even petrie dish residue would be able to tell after a month on a virus/worm/malware diet that something is wrong with the computer. I just spent the greater part of an afternoon manually editing a registry so bloated with malware that free adaware was cringing in a corner. The owner called me because the computer nonstop requested internet access, & when she connected, all the nasty little buggers were pushing each other out of the way, trying to phone home. She isn't a tech goddess either, but it's hard to miss your computer freezing.

That's just things along the lines of bargain buddy, istbar, syslibie, mybar, turbo download, etc. No trojans like ByteVerify, W32.Tibick, Alwayup, W32.Alcra.A, all of which were caught either in mid download, or immediately after. True, the backdoor function of the trojans could go unnoticed if no one called them into play, but not one person in Mr or Ms petrie dish's address book noticed the odd emailing?

So now, we have this user, sharing the same infected files for long periods. His/her computer remains magically unaffected, & either those in the address book share the magic, or are as dumb as a box of rocks & don't notice odd emails from friends. Their guardian angels must look like roadkill.

Not everyone runs under the same blessings. My point was that those who appear regularly, offering the same infected files for a long time, but seeming to suffer no ill effects are more than simply leading a charmed life. The fact that it might be deliberate should not be disallowed, & there should be some way to warn. I did try the "chat/talk with host" option, but nothing happened. As long as there were forum suggestions, I thought this might be a good idea. Perhaps a time-delay for the posts to appear (in the meantime, a pm might be sent suggesting they clean up their act, or at least their files?). This would actually protect the naive & silly, & we would appreciate it ; )

[ukbobboy01]

Mstfyd

Point taken and well made but as I said before, your suggestion has been looked at and rejected.

And unfortunately, there is no protection for the naïve and gullible.




UK Bob

[Linuxhippy]

Well, of course they may :-(

Use a virus scanner or use Linux+scanner like I do ;-)

lg Clemens

[Linuxhippy]

However an integrated virus-scanner (optional, not in the default package) would be a great addition to LW.
I'll have a look how hard this would be to integrate...

lg Clemens

[ukbobboy01]

Linuxhippy

I have been an advocate of this suggestion for some time; see the following:

http://www.gnutellaforums.com/showth...threadid=36453

and

http://www.gnutellaforums.com/showth...threadid=34398

I can say this, if you can make this work and get the LW programmers to incorporate it into the software I will be your number 1 fan for life .




UK Bob

[Linuxhippy]

Quote:

I have been an advocate of this suggestion for some time; see the following:
I can say this, if you can make this work and get the LW programmers to incorporate it into the software I will be your number 1 fan for life .
UK Bob

Hi Bob!

I am currently working on this issue, but I will not integrate a complete scanner into limewire, rather I am writing a plugin which is able to use existing scanners on the users host-computer to scan the downloaded files immediatly before they are saved.
However I cannot promise how many scanners I'll support, at least ClamAV and very likely AntiVir, but it really depends how friendly the interfaces are scanner-programmers give me...

lg Clemens

Gosh ukbob your like a fundamentalist defending their religion. The right to privacy doesnt mean the right to totally wreck other ppls computers. When you purposely infect others you are defeating the whole purpose of shared networks. The alcra worm turns up when you search for just about anything and causes so much damage. the number of sources holding it remains constant so these pple are doing it on purpose. Maybe administrators could run a programme randomly that stops these known worms. like when they randomly assign turbo charged to ppl, it could search for and stop the trojans.

[ukbobboy01]

Dear glory_dance

You have completely misunderstood the main thrust of my post, I don't believe that vandals, miscreants or anyone else has a right to plant their viruses and Trojans all over the place and wreck other peoples computers. However, I do believe in my (and your) total right to privacy and I will not take part in anything that threatens that.

And I think you misunderstand how P2P networks work, i.e. there is no central computer to administer (and certainly no random assigning of "Turbocharge"), you just have individuals with PCs who can have anything on them.

Take a look at this P2P diagram and explanation:

http://www.kazaa.com/us/help/guide_aboutp2p.htm

So, in such an environment you have to protect yourself because any user on the network can have absolutely anything (worm, Trojan, virus, etc,) on their PC, there is no control or mechanism the moderators can use to keep you (or anybody else) safe.

If you have read my previous posts you will see that I have always said that the internet is now a very dangerous place and that P2P brings those dangers that much closer.

Therefore, if you want to be part of the P2P network then you must take precautions to protect yourself, e.g. anti-virus and firewall apps for starters.

Be safe.




UK Bob