Re: Infecting the KaZaA network?

From: the Pull (osioniusx@yahoo.com)
Date: 02/07/02 

Date: Wed, 6 Feb 2002 21:44:21 -0800 (PST)
From: the Pull <osioniusx@yahoo.com>
To: Andrew McClymont <andrewmcclymont@d-link.net>, bugtraq@securityfocus.com

It is standard in p2p software that uses distributed
downloading to use cryptographic hashes (Swarmcast,
bittorrent, MojoNation, etc)... largely to prevent
such things.

I don't see any mention of "hash" on their site:

http://www.google.com/search?q=site:www.kazaa.com+hash&hl=en

But, it would be ludicrous if they didn't.

--- Andrew McClymont <andrewmcclymont@d-link.net>
wrote:
> I just found out a folder named "My shared folder"
> under the KaZaA
> installation folder.
>
> Inside "My shared folder" there were various KaZaA
> installshield
> packages (exe files).
>
> Now, the people at FastTrack promotes their engine
> as a distributed way
> to send files to end users. This is seen whe you
> download KaZaA, you get
> a little exe (500 k) that downloads the full KaZaA
> client from one of
> its users, I would guess, from the "My shared
> folder".
>
> What happens if I infect the files under "My shared
> folder" with a virii
> or some trojan, every user that gets their KaZaA
> client from my computer
> gets screwed, right? And then, the victim himself
> will be sharing the
> KaZaA client infected to new victims.
>
> Just wondering... Have a nice day!!
> -Andrew McClymont
>

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com