Gnutella Forums


cloudwatcher May 20th, 2002 04:01 PM

Gnutella Virus At Work?
 
OK, this has probably been covered already, but I missed it, so I'd appreciate a little help :D

I'm using Gnucleus. Whenever I do a search, I always get two results that exactly match the search criteria I've entered. One is a .URL (Windows Internet Shortcut) file that is always 115K in size and one is an .MPG file that is always (I believe) 28K in size. Occasionally I'll get a third hit for something like "free passcodes for X" where X is the search criteria I've entered.

Since I often use shorthand for searches, the fact that these "hits" are being generated in response to my query is obvious. F'rinstance, if I'm searching for a song (let's say "She Blinded me With Science" by Thomas Dolby) and I put in "Dolby Blinded Science", along with all the hits for the "Thomas Dolby - She Blinded Me With Science.mp3", I'll get hits for "Dolby Blinded Science.url" and "Dolby Blinded Science.mpg".

I've never downloaded one of these files, since I assume something unpleasant is up. But I'm afraid that one day I'll accidentally grab one from a long list of hits. Those lists DO jump around when you're trying to click on them :-P

So I really have three questions:
1. What is generating these fake hits? Is it some kind of Gnutella virus?

2. Why do the .URL files continue to show up even though I've blocked .URL files in Gnucleus using the Search filter?

3. These files always seem to come from the same IP. Why do they continue to appear after I've denied that IP using the connect filter?

:confused:

Unregistered May 21st, 2002 01:06 AM

http://www.gnutellaforums.com/showth...threadid=11503

Hmm... I think I successfully blocked those 2 IPs... either they are being blocked or I'm connected where search results don't hit those 2 hosts...

sanelson May 25th, 2002 11:42 PM

Porn
 
I downloaded one of these once just to see what the hell it was. BTW, there's also an MP3 file like this too. The .url file is just a link. Same thing that your Favorites use in IE. It's a link to a porn site. The MP3 and the movie will both open up a different page (I guess so they can keep track of where their hits are coming from) on the same Porn site if you open them in Windows Media Player. It's not really a virus, just a very deceptive way for these people to get people to come to their site.

cloudwatcher May 30th, 2002 08:44 AM

Ooohhh...OK - so it's not a Gnutella virus - it's Gnutella SPAM!

A porn merchant using sleazy tactics. Who would have thought? :D

ursula May 30th, 2002 11:24 AM

Quote:

Originally posted by cloudwatcher
Ooohhh...OK - so it's not a Gnutella virus - it's Gnutella SPAM!

A porn merchant using sleazy tactics. Who would have thought? :D

In fact, it is not Gnutella anything.
It is an individual or company who happen to be "sharing" this garbage on the Gnutella Network. They also happen to be sharing this same garbage on WinMX and eDonkey, as well.

So, please don't think of these things as of the Gnutella Network. ;)

chr_rossi May 30th, 2002 01:34 PM

Gnutella spammer
 
It seems to be always the same spammer, at least in my part of gnutella net, and I have checked and compared often, at least 50 times in two months.

The IP address is always 194.213.194.37, as far as I can see, which resolves to:

inetnum: 194.213.194.0-194.213.194.63
netname: GTS-CZ-HOSTING2-PPAHA
descr:Server Hosting(Praha) GTS Czech a.s.,
possibly a dial-up.

I am not sure if it would be helpful or effective in any way to complain at his isp (above).

I wonder how many spammers are out there...

Greetings

mgk June 15th, 2002 09:41 AM

hi

I had exactly the same thing on Morpheus (which I have forcibly removed!). I thought I was going mad: every search query I had, there were always 3 types of file, one an mp3, one a rar file and one an exe file, from this IP address 66.250.52.45.

glad to know what it was

cloudwatcher June 19th, 2002 09:33 AM

It IS Gnutella now
 
Quote:

Originally posted by ursula
In fact, it is not Gnutella anything.
It is an individual or company who happen to be "sharing" this garbage on the Gnutella Network. They also happen to be sharing this same garbage on WinMX and eDonkey, as well.

So, please don't think of these things as of the Gnutella Network. ;)

I'm afraid I can't agree with you. These are not the result of normal sharing like you or I would do. It seems to be the result of someone purposely hacking the Gnutella network to disseminate their offal.

Since the hit you get is always EXACTLY the same as the search you entered, my guess is that they have constructed some kind of custom server software that uses the Gnutella protocol. For any query it receives, their application generates a positive hit by combining the query string and some other string like ".MPG" and ".URL". Then if someone takes the bait and goes to download the file, their server sends out one of its "payload" files using the constructed name.

None of the regular Gnutella clients could pull this off, and it's just not possible that these dolts are sharing files with names that correspond to EVERY possible search query.

As for the IP address of the spammer(s), there are now dozens of them. The latest update to Gnucleus has a list of them and it now supports blocking them! :D There are 44 IPs on the list so far. Some of them respond with your search plus MPG and URL, some of them respond with "secret paysite passwords" plus your search, and there are other combinations as well.

It seems one or more versions of this custom software is now making the rounds among the lowlife scumsucking leeches of the net, being traded or sold in the fetid, stagnant pools of reeking filth where these creeps brew their sleazy marketing schemes.

Since Gnutella is an open source protocol, you get the good with the bad. Anyone can write a Gnutella client - but anyone can also abuse the protocol for their own ends. That's what these stinking orifices are doing. And now that they've crashed the party, they'll never leave. We'll just have to learn to ignore their offensive odor, the same as we've had to do with their spam in e-mail and their pop-up ads on the web.
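
The behaviour described in the post above (a host that builds its hit names by gluing a fixed string onto whatever query arrives) can be spotted from the client side by looking for a host that reuses one name template across unrelated queries. This is an added example, not part of the original thread and not Gnucleus code; the hit-tuple format, the threshold and the sample data (documentation IP addresses, constructed sizes) are assumptions.

```python
from collections import defaultdict

def template_of(query, filename):
    """Replace the verbatim query inside a hit name with '{q}'.
    Returns None when the query is not one contiguous substring."""
    q, name = query.strip().lower(), filename.strip().lower()
    if not q or q not in name:
        return None
    return name.replace(q, "{q}", 1)

def find_echo_hosts(hits, min_queries=3):
    """hits: (query, host_ip, filename, size_bytes) tuples (assumed log format).
    Flags hosts that answer >= min_queries distinct queries with one template."""
    queries = defaultdict(lambda: defaultdict(set))  # host -> template -> queries
    sizes = defaultdict(lambda: defaultdict(set))    # host -> template -> sizes
    for query, host, filename, size in hits:
        t = template_of(query, filename)
        if t is not None:
            queries[host][t].add(query.strip().lower())
            sizes[host][t].add(size)
    flagged = {}
    for host, per_template in queries.items():
        for t, qs in per_template.items():
            if len(qs) >= min_queries:
                flagged.setdefault(host, {})[t] = {
                    "queries": len(qs),
                    "constant_size": len(sizes[host][t]) == 1,
                }
    return flagged

# Constructed sample data; the IPs are documentation addresses, not from the thread.
SAMPLE_HITS = [
    ("Dolby Blinded Science", "198.51.100.5", "Thomas Dolby - She Blinded Me With Science.mp3", 3521004),
    ("Dolby Blinded Science", "192.0.2.10", "Dolby Blinded Science.url", 117760),
    ("Dolby Blinded Science", "192.0.2.10", "Dolby Blinded Science.mpg", 28672),
    ("kind of blue", "192.0.2.10", "kind of blue.url", 117760),
    ("kind of blue", "192.0.2.10", "kind of blue.mpg", 28672),
    ("kind of blue", "198.51.100.7", "Miles Davis - Kind Of Blue.mp3", 9120331),
    ("debian iso", "192.0.2.10", "debian iso.url", 117760),
    ("debian iso", "192.0.2.10", "debian iso.mpg", 28672),
    ("debian iso", "198.51.100.9", "debian iso.zip", 650117120),
    ("debian iso", "192.0.2.20", "free passcodes for debian iso.txt", 2048),
]

if __name__ == "__main__":
    print(find_echo_hosts(SAMPLE_HITS))
```

A single exact match proves nothing, since an ordinary host can share a file whose name happens to equal the query; the signal is the same template, usually with the same size, coming back for several unrelated queries.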

ursula June 19th, 2002 02:16 PM

Hey, Cloudwatcher... (nice nick).......

Where exactly do we disagree?
I promise you that if we were talking about this subject in a private forum, my language would be a wee bit stronger than what I used in my above reply!

It IS some company pushing garbage with a really bad cheat that the majority will fall for.......

I find that I only get this [edit] if I do a search for some of the more rare things I am always looking for.
The thing seems to 'sense a degree of desperation' on the part of the searcher!!!!!! Geeeeeeeezzzz!!!!!

But.... BUT...... You are certainly affording far too great an ability, and a need for such ability, in regards to what we are really talking about...... Anybody can do it, right? I mean, it's just a link-file....... It's not the end of the world, right? No big anti-Gnutella Network conspiracy or anything remotely like it.... Just some more [edit]les trying to make a crude "buck" off the internet!

Never download any 28kb HTML files ;)

Hey, I even edited my own post about these [edit]ers who do this [edit]!

cloudwatcher June 19th, 2002 03:16 PM

Quote:

Where exactly do we disagree?
Well, when I started this thread I thought I might be seeing evidence of a Gnutella virus, but then when I found out what it really was, I called it a Gnutella spam. You said it's "not a Gnutella anything" and "please don't think of these things as of the Gnutella Network".

That's what I disagree with. This is a new kind of spam (or spam-like activity) that is ONLY spread via the Gnutella network and couldn't exist WITHOUT the Gnutella network.

Quote:

The thing seems to 'sense a degree of desperation' on the part of the searcher!!!!!!
Uhhh- I'm not sure where you're coming from with this one. I don't think your state of mind or the thing you're searching for really has much to do with it. I think the only thing that matters is whether one of these spambots is within your horizon when you do a search. If you're trying to say that it only kicks in when you do a porno search or something, well, I haven't found that to be the case. Why, I NEVER search for porn on Gnutella! :D

Quote:

It's not the end of the world, right? No big anti-Gnutella Network conspiracy or anything remotely like it...
Not a big conspiracy, but how about a lot of little ones... Wouldn't that have the same effect? ;) When you think about it, the whole concept of Gnutella is largely based on trust and goodwill. And the cretins who run these spambots are violating that spirit. They're in the same league as the jokers who purposely mis-label their files, only worse since they're doing it to turn a buck instead of just to be ornery. They are liars, and liars bug me, just on principle.

Sure, the tools they are using are crude enough now, and their tricks are mostly easy to ignore. But they add "noise" to the network and make it just a little harder to use. And you know they're not going to stop with these crude tools - they'll get more sophisticated, and Gnutella will suffer as a result.

Remember when pop-up ads were only used by porno sites? Now they're used by everybody who runs ads on the web - and web surfing is exponentially more annoying. How long until the noise overwhelms the "signal" in the Gnutella network? How long until somebody else uses this same tactic in a more aggressive fashion?

What if you did a search that returned 100 identical hits, yet 35 of them were actually spam in disguise? You'd stand a pretty good chance of getting a spam instead of the file you really wanted. Eventually, you'd start to download as many copies of each file as your bandwidth could handle, just to make sure you had at least one good copy in amongst the bogus ones. Multiply that increase by the number of users on the network, and you've got a pretty big bandwidth hit.

Not to mention what a pain it would be sorting out the fakes from the real files. Suppose RIAA started blasting out thousands of files that contained the first 45 seconds of a song, then switched over to a recorded announcement about file sharing being stealing?

I dunno. I'm not gonna cry all night over this or anything, it just ticks me off.

BTW - glad you like the nick! :cool:


All times are GMT -7.
