Author Topic: Malware on limewire  (Read 6553 times)

0 Members and 1 Guest are viewing this topic.

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Malware on limewire
« on: June 27, 2015, 06:56:31 PM »
A group called tiversa has made many articles claiming that there are 2 ways personal files get on the p2p network. 1 people do not know what their doing and when setting up the folder accidentally share personal documents. 2 malware changes folders around. http://www.consumer.ftc.gov/articles/0016-p2p-file-sharing-risks   This is the article that states that malware can be emended in a file you download and move personal files into the limewire share folder for the whole network to gain access 2 and download. How likely is this to happen. Happen to everyone that uses limewire? I've talked to several techs they say that's old school back in late 90s early 2000 when that malware was developed. But any insight. I've heard multiple responses just seeing what the majority is. I know p2p has malware that isn't the ? 

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Malware on limewire
« Reply #1 on: June 27, 2015, 10:16:17 PM »
Hi, Yamatha.  Welcome to LandzDown.

With P2P programs, whether Limewire or another product, a port is opened on the firewall for sharing.  Shared folders are then accessible.  In other words, P2P programs form a direct conduit on to your computer.

Then there is the risk associated with the P2P file sharing.  What means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Re: Malware on limewire
« Reply #2 on: June 27, 2015, 10:42:43 PM »
Correct so is it likely that malware could be embedded in a file you download and that malware changes your settings to move personal documents from your computer into the p2p share folder making your personal documents you weren't intending to share be shared

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Malware on limewire
« Reply #3 on: June 28, 2015, 12:59:22 AM »
Absolutely!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Re: Malware on limewire
« Reply #4 on: June 28, 2015, 01:00:58 AM »
Whats the likely 1 in 100, 100 of 100, 2 in a billion.  Etc

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7332
  • Liverpool FC - YNWA
    • View Profile
Re: Malware on limewire
« Reply #5 on: June 28, 2015, 12:35:09 PM »
Are you a fan of Russian roulette?  It sounds like you are seeking validation of using P2P yourself  :uhm:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Re: Malware on limewire
« Reply #6 on: June 28, 2015, 12:37:13 PM »
Ha no just trying to see how common it is. I've received a different answer from others. Some say it don't exist or impossible some say it could exist but not likely. Others yes every download will have it embedded.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20213
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Malware on limewire
« Reply #7 on: June 28, 2015, 02:53:39 PM »
So, Yamaha, are you playing games or just bored?

Malware on limewire 
Malware limewire security issue


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Re: Malware on limewire
« Reply #8 on: June 28, 2015, 02:57:55 PM »
I'm just getting different opinions. Don't seem like there is q legitimate answer. Was hoping to see if someone ran across this before

Offline Frands

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1065
  • Esbjerg, Denmark
    • View Profile
Re: Malware on limewire
« Reply #9 on: June 28, 2015, 03:37:24 PM »
Hi Yamaha,
Do I really in this year 2015 have to read about P2P and Limewire stuff  :shock:. I don't know how many bazillion times we have helped people cleaning their computers after using p2p, and the same amount of bazillion times we have told people not to make use of p2p. Do yourself a really big favour...stay away from that stuff if you want your pc run nice and dandy.
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Online satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 246
    • View Profile
Re: Malware on limewire
« Reply #10 on: June 28, 2015, 04:24:08 PM »
Limewire died about 6 years ago, even if you use an older working version of Limewire, you'd probably need to use an old and much exploited version of Java to run it in. Just don't - there be dragons lurking.

Continue with this topic and I'll assume you're baiting others into joining your botnet...


Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1450
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Malware on limewire
« Reply #11 on: June 28, 2015, 08:02:08 PM »
You're asking a question to which obtaining the answer is difficult. For a true answer on how many files available on P2P contain malware, one would need to download every single available file instantaneously and then measure. Assuming 100% malware identification with 0 false positives and 0 false negatives, you could then, with authority, state what percentage of available files are malware for that specific moment in time.

Given that's so virtually impossible, one can only statistically say what that percentage is, which is also difficult given it's only based on what portion of files from P2P are examined. In other words, the data is skewed.

So how can we somehow give you an answer to this question that, while it doesn't truly answer your question, answers the indirect actual question of, "Is downloading files over P2P risky?" we can simply say this:

You should probably avoid P2P file sharing.

I see two scenarios that are relevant: downloading files that organizations have specifically distributed over P2P, and downloading files that anyone could have made available. For the first scenario, perhaps someone has developed a program whose download file is large, making P2P distribution attractive. In this case, that organization will hopefully make available file checksums that, after you download the file, you can check to verify what you downloaded wasn't messed with. Signing the file with a digital certificate can also help. Are these perfect mechanisms? There is no such thing - but you can use them to build confidence that the file you downloaded is the true and correct file the organization made available.

And what of other files on P2P that anyone can upload? There's risk. How much? Hard to say (see what I wrote earlier), but we can say with some level of confidence that when we see visitors' logs on this forum showing P2P software running we immediately focus on it as the channel which the malware arrived through. A common suspect over P2P is key-generators or product activation bypass programs - these tend to come along with malware (a.k.a. the "price"), so when we see P2P software + these types of programs, we're very confident about what happened.

What exactly is that malware going to do? Steal passwords? Make your personal files available over the P2P network, or worse, upload them to the malware author? Encrypt your files and demand ransom payment? Your guess is as good as mine.

P2P can be useful and dangerous. Generally, avoid P2P networks and stick with more legitimate sources: music services for music, company websites for programs, and so on and so on. Leveraging P2P can be akin to playing with fire - you could possibly get burned.

Regards,
Aaron

This post is provided "AS IS" without warranty, and confers no rights.

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Inadvertent file sharing limewire
« Reply #12 on: June 29, 2015, 02:52:30 PM »
How do tax returns and other personal information end up on the limewire network

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7332
  • Liverpool FC - YNWA
    • View Profile
Re: Malware on limewire
« Reply #13 on: June 29, 2015, 03:01:28 PM »
Because someone was willing to inadvertently share sensitive information stored on their computer in exchange for some 'free' music downloads?

If you know how, you'll spend very little time to find hundreds of thousands of personal and confidential documents that have been unknowingly shared on the Internet.

What is the real purpose behind all these Limewire questions?  You seem to be asking the same questions in various forums  :blink:
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Yamaha

  • Jr. Member
  • **
  • Posts: 7
    • View Profile
Re: Malware on limewire
« Reply #14 on: June 29, 2015, 03:06:28 PM »
Did they not set up the share folder properly?