Bugtraq mailing list archives
Re: Infecting the KaZaA network?
From: the Pull <osioniusx () yahoo com>
Date: Wed, 6 Feb 2002 21:44:21 -0800 (PST)
It is standard in p2p software that uses distributed downloading to use cryptographic hashes (Swarmcast, bittorrent, MojoNation, etc)... largely to prevent such things. I don't see any mention of "hash" on their site: http://www.google.com/search?q=site:www.kazaa.com+hash&hl=en But, it would be ludicrous if they didn't. --- Andrew McClymont <andrewmcclymont () d-link net> wrote:
I just found out a folder named "My shared folder" under the KaZaA installation folder. Inside "My shared folder" there were various KaZaA installshield packages (exe files). Now, the people at FastTrack promotes their engine as a distributed way to send files to end users. This is seen whe you download KaZaA, you get a little exe (500 k) that downloads the full KaZaA client from one of its users, I would guess, from the "My shared folder". What happens if I infect the files under "My shared folder" with a virii or some trojan, every user that gets their KaZaA client from my computer gets screwed, right? And then, the victim himself will be sharing the KaZaA client infected to new victims. Just wondering... Have a nice day!! -Andrew McClymont
__________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com
Current thread:
- Black ICE Ping Vulnerability Side Note Stoic forty-four (Feb 06)
- Infecting the KaZaA network? Andrew McClymont (Feb 06)
- Re: Infecting the KaZaA network? the Pull (Feb 07)
- Re: Infecting the KaZaA network? (unlikely) Adam Lydick (Feb 07)
- Re: Infecting the KaZaA network? Brad Maloney (Feb 07)
- <Possible follow-ups>
- RE: Black ICE Ping Vulnerability Side Note Keith T. Morgan (Feb 06)
- Infecting the KaZaA network? Andrew McClymont (Feb 06)