Friday, August 19, 2011

TorrentFreak Email Update


‘Facebook’ Malware Now Spreads Using BitTorrent, But Don’t Panic

Posted: 18 Aug 2011 12:44 PM PDT

Whether it be a virus, trojan horse or worm, adware, badware or scamware, most Internet users are familiar with the notion that some software available online can do harm to both them and their computer. These days people are becoming more cautious and savvy, but as they do so virus creators also up their game.

The creators of the Koobface worm (an anagram of Facebook) have done just that. This piece of code first appeared in 2008 and originally targeted members of social networks. Using an already infected computer as a jump point, Koobface would send messages to an Internet user’s Facebook ‘friends’ which contained links to various material, possibly a video.

But a video would not play and instead the person receiving the message would be directed to install a supposed update for Adobe Flash Player. Of course this was a hoax and instead the Facebook user’s computer would become infected with the Koobface worm and integrated into a botnet.

The victim’s computer could also be subjected to further malware installations, have its search queries hijacked to display adverts, find itself blocked from accessing websites (such as anti-virus vendors), and have its license keys stolen.

According to Trend Micro, Koobface has now been updated to make use of another rising technology – BitTorrent. But before everyone panics, let’s take a look at how the new Koobface works and we’ll see that the threat is relatively easy to avoid.

In its new incarnation Koobface begins life as a ‘loader’. This piece of software arrives on the host machine by the usual methods employed by malware and virus creators. These include using fake torrents – downloads which claim to be one thing but actually turn out to be something else. Nothing really new here.

However, once the ‘loader’ (Trend call it WORM_KOOBFACE.AV) hits the target machine and is executed, it quietly downloads a torrent file in the background. As we know, torrents are pretty useless without a torrent client, but the new Koobface has a trick up its sleeve. The ‘loader’ contains a torrent client of its own (actually a version of uTorrent) which runs on the target machine without making itself visible. The client then silently downloads the files shown in the screenshot below.

Once extracted Koobface goes to work with all the features of earlier versions, but with a notable addition. The files downloaded via the inbuilt client begin to seed using several large public trackers for the ‘benefit’ of future Koobface victims. This page shows the number of people who have been seeding the 67 Dark Ritual release during recent days.

“The shift from concentrating on propagating through social networks to torrent P2P networks may be a result of the efforts by the targeted social networks to prevent the KOOBFACE botnet from abusing their framework,” says Trend Micro’s Senior Threat Researcher Jonell Baltazar.

“Despite this change, users should be aware that the KOOBFACE gang has not stopped in coming up with schemes to infect users' systems. They are simply looking for other means to do so.”

Trend list several infected torrents with a numbering scheme which seems to suggest that there could be a whole lot more. According to various tracker records, these torrents started to appear during April 2011.

65_Silent_Scream_The_Dancer.torrent
67_Dark_Ritual.torrent
68_Celtic_Lore_Sidhe_Hills.torrent
69_Lightroom.torrent
71_SystemCare.torrent
72_Voodoo_Whisperer.torrent
73_Allore_And_The_Broken_Portal.torrent
74_Secret_of_Hildegards.torrent
75_Mystery_Chronicles.torrent
76_Magical_Mysteries.torrent
WinrRAR_4_Beta_7.torrent

While the decision to use BitTorrent to spread this malicious worm is novel, BitTorrent fans shouldn’t panic.

In basic terms BitTorrent is a protocol which shifts around data on the Internet, much like HTTP or FTP. The latter two protocols have been used for delivering malicious payloads for as long as most people can remember so it should come as no surprise that as it increases in popularity, BitTorrent will also be used for the same purposes. Even more so since LimeWire’s former home Gnutella – a network previously a haven for malware – is gasping for air on its deathbed.

While this new Koobface variant is undoubtedly clever in its use of BitTorrent, the people who use torrent clients tend to be a more savvy audience than the ‘average’ Facebook user who might click links and install software without a second thought. Hopefully this human element will help limit the spread of the worm.

For anyone looking to avoid Koobface the terribly formatted filenames shown in the list above should ring alarm bells that something isn’t right, but for those still uncertain about how to avoid fake and dangerous files when using BitTorrent, referring to our guide should do the trick.

Source: ‘Facebook’ Malware Now Spreads Using BitTorrent, But Don’t Panic

Large ISPs Profit From BitTorrent Traffic, Study Finds

Posted: 18 Aug 2011 05:42 AM PDT

For more than half a decade many Internet providers have throttled or even banned BitTorrent traffic on their networks. A claim often heard from ISPs is that heavy users are using too many resources and too much bandwidth.

However, a new report just published (pdf) by Northwestern University and Telefónica Research shows that for larger ISPs there’s an upside to BitTorrent as well. In fact, these companies make a substantial amount of money from BitTorrent traffic.

The goal of the research was to understand the network impact of BitTorrent, both in terms of traffic and the costs involved. To answer this question the researchers conducted a 2-year study where they tracked the downloads of 500,000 people in 169 different countries. The end result is an interesting trend report which, among other things, shows how BitTorrent traffic has developed over time.

For instance, the research found that the average download volume per user per hour increased by 25 percent between November 2009 (110 MB/hour) and November 2010 (139 MB/hour). The number of unique users on the other hand dropped by 10 percent, possibly because people finish their downloads faster. In total the absolute volume of BitTorrent traffic increased by more than 12 percent from 2009 to 2010.

Aside from these general BitTorrent trends, the researchers also looked at the directions BitTorrent traffic is taking. Surprisingly, they find that BitTorrent traffic stays very local. A third of all traffic (32%) does not leave the country of origin and an additional 41 percent only travels to one other country. The researchers further find that the majority stays in local lower tier networks.

The above has some very interesting implications for the costs of BitTorrent traffic for various ISPs.

The researchers translated their findings into the actual costs and revenues of Internet providers and found that contrary to what the public would expect, large Tier 2 ISPs actually make money off BitTorrent traffic. This means that companies such as Comcast, Virgin Media and France Telecom profit directly from heavy downloaders.

“Using inferred business relationships between ISPs, we showed that most BitTorrent traffic flows over cost-free paths and that it generates substantial revenue potential for many higher tier ISPs,” the researchers write.

But not all Internet providers make money off BitTorrent; those in the lower tiers where most traffic is flowing through have less local (and free) traffic and often have to pick up the bill.

“Unlike with tier 2, provider traffic is larger than customer traffic for tier 3, indicating that these ISPs on average are paying for rather than profiting from transit charges due to BitTorrent traffic,” state the researchers.

The report shows that BitTorrent traffic has a very different impact depending on the place an ISP has in the network. Higher tier companies mostly profit from BitTorrent downloads, while lower tier companies are charged for the downloading habits of their consumers. According to the researchers the Internet providers should be aware of the impact BitTorrent has on them, as it may greatly impact their business decisions.

The fact that ‘local’ BitTorrent traffic is preferable is not a new idea. Attempts to keep P2P transfers within the local network as much as possible are not new, and some ISPs have secretly tested the concept in the wild by seeding their own BitTorrent downloads.

As a closing remark we have to note that the study only looked at bandwidth, and not the various other costs BitTorrent traffic has on a network by making millions of connections every day. The takeaway message, however, is that in terms of revenue there are quite a few very large companies that profit directly from heavy BitTorrent users. That’s a conclusion we haven’t heard before.

Source: Large ISPs Profit From BitTorrent Traffic, Study Finds
