Gnutella Forums  

View Poll Results: Have you noticed multiple listings of malware in your searches?
Yes 16 84.21%
No 2 10.53%
Don't Know 1 5.26%
Voters: 19.

August 2nd, 2005
erikinlongbeach

Gnutella W32.Alcra.B Virus/Trojan Migration

Beware of the 851.7KB Trojan Horses!

OS: Windows
Client: Any
Internet Connection: Any
Error Message: None (yet)

I have often seen files (<1MB) when I search for software. Often, I
search the P2P networks if I'm looking for a particular file. This
is much easier than searching the web for patches, updates, service
packs, and other files. I became suspicious when files of the same
size often appear for different searches. I noticed this even about
6 months ago.

Upon viewing the files on a particular host, the file
name is different from what it appears in the search. This is
obviously related to how Limewire tracks the same file with
differing file names. Once in a while, this method fails and you
download a file completely different from what you thought you were
downloading.

Recently, I have seen a lot of search results containing an 851.7 KB
file. Most of the time, this file appears in the search results
first and multiply. I suspect that malicious users take advantage of
the open source network to modify the programming solely for the
distribution of malicious code (malware), which includes viruses,
trojan horses, and spyware. I wish Limewire would add a feature to
further limit the search by file size or range.

Curious about these files, I downloaded a few of them. I opened the
file with WinZip. This file had a ZIP file extension, but can be
another extension, or executable (.EXE, .COM, etc.). In the file,
there was only one file, 'setup.exe', and it was about 2.6 MB
uncompressed. I have seen this before, except the file was about 5
MB. In the previous case, I just deleted it. I suspected maybe a
malicious program like spyware. I checked it out with Norton
Anti-Virus. WinZip facilitates running a virus scanner from a menu
or the keyboard, provided that it's set up properly. Norton
Anti-Virus produced a dialog box that said a virus was detected and
immediately removed. The location was from the temporary directory.
The virus was detected as "W32.Alcra.B". The same virus appeared
for the second file downloaded. Both ZIP files were deleted
afterward. The CRC32 for 'setup.exe' was 0x8C304414 for two ZIP
files examined. The CRC32 could be different since the majority of
the file is probably filler data to fool the end user.

These should be common sense, but just in case, here are some
suggestions to avoid infection:

1. Always check files with a virus scanner program, such as Norton
Anti-Virus, McAfee or similar. Keep virus definitions updated
regularly.

2. Use other known and trusted virus scanners in addition to the
more popular anti-viral programs. The reason for this is hackers are
more familiar with how to undermine and defeat the protection of the
more common anti-viral programs and might be less successful with
less common programs.

3. Use anti-Spyware programs such as Ad-Aware, Microsoft
Anti-Spyware, and other commercial programs. The same applies to
spyware definitions.

4. If a file has the wrong or unreasonable file size, don't download
it, or delete it if you have.

5. Never execute (run) unknown, unscanned files.

6. Turn on firewall features. A hardware based firewall is better.
Most routers/gateways have firewalls built into the firmware. Block
all unnecessary ports. Don't use the Demilitarized Zone (DMZ Hosts)
feature unless you really know what you're doing.

I hope readers in this forum find this post helpful. Feel free to
post any other helpful suggestions.

Erik
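
An added example, not part of the original post: a Python sketch of the inspection the post describes, reading a ZIP's member names, sizes and CRC32 from its central directory without extracting or running anything. The function names, the extension list and the in-memory sample archive are assumptions of this example; the only value taken from the post is the reported CRC32.

```python
import io
import zipfile

# CRC32 the post reports for 'setup.exe' in the two archives it examined.
REPORTED_CRC32 = {0x8C304414}
# Extension list is this example's assumption; the post names .EXE and .COM.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")


def triage_zip(data, known_crc32=REPORTED_CRC32):
    """Read a ZIP's central directory only; nothing is extracted or run."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
    findings = []
    for m in members:
        flags = []
        if m.filename.lower().endswith(EXECUTABLE_EXTS):
            flags.append("executable")
            if len(members) == 1:
                flags.append("lone-executable")
        # CRC32 is a weak indicator: a match is worth noting, a miss proves nothing.
        if m.CRC in known_crc32:
            flags.append("known-crc32")
        findings.append({"name": m.filename, "packed": m.compress_size,
                         "unpacked": m.file_size, "crc32": m.CRC, "flags": flags})
    return findings


def build_sample_zip(name, payload):
    """Constructed test input: an in-memory ZIP holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: harmless filler bytes named like the file in the post.
    sample = build_sample_zip("setup.exe", b"MZ" + b"\x00" * 4096)
    for f in triage_zip(sample):
        print(f"{f['name']}: {f['packed']} -> {f['unpacked']} bytes, "
              f"CRC32 0x{f['crc32']:08X}, flags={f['flags']}")
```

A flagged archive still goes through a virus scanner; the flags only decide what gets looked at first.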