Personal Tech Pipeline | Spammers Harvesting Addresses From eDonkey, Gnutella

White Papers

Sponsor Resources

Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

April 19, 2005

Spammers Harvesting Addresses From eDonkey, Gnutella

Courtesy of TechWeb News

Spammers are mining peer-to-peer (P2P) networks for addresses, and finding it lucrative work, a security expert said Tuesday.

According to Eran Reshef, the chief executive and co-founder of Blue Security, sophisticated and smart spammers are harvesting e-mail addresses from systems linked to P2P networks via such software as eDonkey 2000 and Gnutella.

"They're going into P2P networks and harvesting addresses accidentally shared, then spamming every address they find," said Reshef.

P2P harvesting is very different from the better-known directory harvest attack (DHA), which is when spammer's flood mail servers with thousands of address variations, hoping to get a response when a valid address is queried. P2P harvesting relies on novice file-sharing users who mistakenly set their software to share more than just one or two directories on their PC.

"All it takes is one person you know, who you've sent an e-mail address," said Reshef. "This friend of yours has your e-mail address somewhere in his files, likely in his Outlook .pst file. He doesn't know P2P, and rather than share just some songs, sets the file-sharing software to share his entire hard drive, including his Outlook .pst file for spammers to find and see."

All a spammer has to do, added Reshef, is connect to a file-sharing network and then search for strings such as "email" or "e-mail" or "Outlook.pst."

That's exactly what Blue Security, which has yet to launch its first service, a "do-not-disturb" anti-spam and anti- spyware list, did. To scout out the scope of the P2P harvesting problem, Blue Security set up 500 virgin e-mail accounts, listed those addresses in several files on a PC connected to the eDonkey 2000 and Gnutella file-sharing networks, and shared the directories the files were in.

Within a day, those new addresses received more than 100 pieces of spam. Within three days, the number had jumped to over 300 spams. Even two weeks later, those addresses were collecting more than 100 messages per day.

"Addresses found in a P2P harvest are likely to be spammed for a long time as the addresses are harvested and re-harvested by new spammers," said Reshef. "They're likely to stay on the network and simply circulate."

Spammers use this harvesting tactic, said Reshef, because it provides them a clean, reliable list of valid addresses. "P2P is a much better source than, say, a directory harvest attack. They're all real, verified addresses, for one thing, and sometimes there's contextual information elsewhere on the shared drive. We've seen customer information files mistakenly shared via P2P, as well as lists of a university's 'private' e-mail addresses. And Outlook, which spammers are really eager to get a hold of, contains your entire life, everything from addresses and phone numbers to notes and appointments."

Spammers don't stop there with P2P, Reshef went on, but also use file-sharing networks to sell and/or trade their mailing lists and bulk mailing software.

"We were really amazed by the systematic way spammers are using P2P networks," said Reshef. "It's not just one or two spammers, but dozens who are lurking on file-sharing networks."

And this harvesting method is difficult to stymie, said Reshef, since defending yourself doesn't assure that your e-mail address won't leak out and be used by spammers. "You can make sure you don't share private files, and ask friends to do the same," he said, "but at the end of the day, all it takes is one person to put your address out there."

Later this year, said Reshef, Blue Security will unveil a solution that will protect against P2P spam harvesting. Users can register for more information about the upcoming beta on the Blue Security site.

E-mail This Story
Print This Story
Reprint This Story

Get the latest Personal Tech news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?

In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.

On the CIO Agenda with IBM
With business growth back on the agenda, the role of the CIO is changing from manager of technology to C-suite collaborator in enabling innovation that matters for the business. Read an executive summary and register to download the full IBM paper.

Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

Block or Secure IM Use
IM threats up 250%. Protect your corporate network. Free Download.

Secure & Easy Console Management with Digi CM
The Digi CM console server provides secure, intelligent & easy access to network devices with a serial console port. With Digi CM, you can securely monitor & control servers, routers, switches & other devices even when your network is down.

Learn how much you save with open source.
Find out how much of a financial impact open source can have on your enterprise. Get these tools now, compliments of JBoss. Go!

Buy a Link Now

Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia