Spammers Mining P-To-P For Addresses - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:37 PM

Spammers Mining P-To-P For Addresses

Spammers are mining peer-to-peer networks for addresses and finding it lucrative work, a security expert says.

Spammers are mining peer-to-peer (P2P) networks for addresses, and finding it lucrative work, a security expert said Tuesday.

According to Eran Reshef, the chief executive and co-founder of Blue Security, sophisticated and smart spammers are harvesting e-mail addresses from systems linked to P2P networks via such software as eDonkey 2000 and Gnutella.

"They're going into P2P networks and harvesting addresses accidentally shared, then spamming every address they find," said Reshef.

P2P harvesting is very different from the better-known directory harvest attack (DHA), which is when spammer's flood mail servers with thousands of address variations, hoping to get a response when a valid address is queried. P2P harvesting relies on novice file-sharing users who mistakenly set their software to share more than just one or two directories on their PC.

"All it takes is one person you know, who you've sent an e-mail address," said Reshef. "This friend of yours has your e-mail address somewhere in his files, likely in his Outlook .pst file. He doesn't know P2P, and rather than share just some songs, sets the file-sharing software to share his entire hard drive, including his Outlook .pst file for spammers to find and see."

All a spammer has to do, added Reshef, is connect to a file-sharing network and then search for strings such as "email" or "e-mail" or "Outlook.pst."

That's exactly what Blue Security, which has yet to launch its first service, a "do-not-disturb" anti-spam and anti- spyware list, did. To scout out the scope of the P2P harvesting problem, Blue Security set up 500 virgin e-mail accounts, listed those addresses in several files on a PC connected to the eDonkey 2000 and Gnutella file-sharing networks, and shared the directories the files were in.

Within a day, those new addresses received more than 100 pieces of spam. Within three days, the number had jumped to over 300 spams. Even two weeks later, those addresses were collecting more than 100 messages per day.

"Addresses found in a P2P harvest are likely to be spammed for a long time as the addresses are harvested and re-harvested by new spammers," said Reshef. "They're likely to stay on the network and simply circulate."

Spammers use this harvesting tactic, said Reshef, because it provides them a clean, reliable list of valid addresses. "P2P is a much better source than, say, a directory harvest attack. They're all real, verified addresses, for one thing, and sometimes there's contextual information elsewhere on the shared drive. We've seen customer information files mistakenly shared via P2P, as well as lists of a university's 'private' e-mail addresses. And Outlook, which spammers are really eager to get a hold of, contains your entire life, everything from addresses and phone numbers to notes and appointments."

Spammers don't stop there with P2P, Reshef went on, but also use file-sharing networks to sell and/or trade their mailing lists and bulk mailing software.

"We were really amazed by the systematic way spammers are using P2P networks," said Reshef. "It's not just one or two spammers, but dozens who are lurking on file-sharing networks."

And this harvesting method is difficult to stymie, said Reshef, since defending yourself doesn't assure that your e-mail address won't leak out and be used by spammers. "You can make sure you don't share private files, and ask friends to do the same," he said, "but at the end of the day, all it takes is one person to put your address out there."

Later this year, said Reshef, Blue Security will unveil a solution that will protect against P2P spam harvesting. Users can register for more information about the upcoming beta on the Blue Security site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll