Gnutella Forums

cloudwatcher May 20th, 2002 04:01 PM

Gnutella Virus At Work?
 
OK, this has probably been covered already, but I missed it, so I'd appreciate a little help :D

I'm using Gnucleus. Whenever I do a search, I always get two results that exactly match the search criteria I've entered. One is a .URL (Windows Internet Shortcut) file that is always 115K in size and one is an .MPG file that is always (I believe) 28K in size. Occasionally I'll get a third hit for something like "free passcodes for X" where X is the search criteria I've entered.

Since I often use shorthand for searches, the fact that these "hits" are being generated in response to my query is obvious. F'rinstance, if I'm searching for a song (let's say "She Blinded me With Science" by Thomas Dolby) and I put in "Dolby Blinded Science", along with all the hits for the "Thomas Dolby - She Blinded Me With Science.mp3", I'll get hits for "Dolby Blinded Science.url" and "Dolby Blinded Science.mpg".

I've never downloaded one of these files, since I assume something unpleasant is up. But I'm afraid that one day I'll accidentally grab one from a long list of hits. Those lists DO jump around when you're trying to click on them :-P

So I really have three questions:
1. What is generating these fake hits? Is it some kind of Gnutella virus?

2. Why do the .URL files continue to show up even though I've blocked .URL files in Gnucleus using the Search filter?

3. These files always seem to come from the same IP. Why do they continue to appear after I've denied that IP using the connect filter?

:confused:

Unregistered May 21st, 2002 01:06 AM

http://www.gnutellaforums.com/showth...threadid=11503

Hmm... I think I successfully blocked those 2 IPs... either they are being blocked or I'm connected where search results don't hit those 2 hosts..

sanelson May 25th, 2002 11:42 PM

Porn
 
I downloaded one of these once just to see what the hell it was. BTW, there's also an MP3 file like this too. The .url file is just a link. Same thing that your Favorites use in IE. It's a link to a porn site. The MP3 and the movie will both open up a different page (I guess so they can keep track of where their hits are coming from) on the same Porn site if you open them in Windows Media Player. It's not really a virus, just a very deceptive way for these people to get people to come to their site.

cloudwatcher May 30th, 2002 08:44 AM

Ooohhh...OK - so it's not a Gnutella virus - it's Gnutella SPAM!

A porn merchant using sleazy tactics. Who would have thought? :D

ursula May 30th, 2002 11:24 AM

Quote:

Originally posted by cloudwatcher
Ooohhh...OK - so it's not a Gnutella virus - it's Gnutella SPAM!

A porn merchant using sleazy tactics. Who would have thought? :D

In fact, it is not Gnutella anything.
It is an individual or company who happen to be "sharing" this garbage on the Gnutella Network. They also happen to be sharing this same garbage on WinMX and eDonkey, as well.

So, please don't think of these things as of the Gnutella Network. ;)

chr_rossi May 30th, 2002 01:34 PM

Gnutella spammer
 
It seems to be always the same spammer, at least in my part of gnutella net, and I have checked and compared often, at least 50 times in two months.

The IP address is always 194.213.194.37, as far as I can see, which resolves to:

inetnum: 194.213.194.0-194.213.194.63
netname: GTS-CZ-HOSTING2-PPAHA
descr:Server Hosting(Praha) GTS Czech a.s.,
possibly a dial-up.

I am not sure if it would be helpful or effective in any way to complain at his isp (above).

I wonder how many spammers are out there...

Greetings

mgk June 15th, 2002 09:41 AM

hi

I had exactly the same thing on Morpheus (which I have forcibly removed!). I thought I was going mad: every search query I had, there were always 3 types of file, one an mp3, one a rar file and one an exe file, from this IP address 66.250.52.45.

glad to know what it was

cloudwatcher June 19th, 2002 09:33 AM

It IS Gnutella now
 
Quote:

Originally posted by ursula
In fact, it is not Gnutella anything.
It is an individual or company who happen to be "sharing" this garbage on the Gnutella Network. They also happen to be sharing this same garbage on WinMX and eDonkey, as well.

So, please don't think of these things as of the Gnutella Network. ;)

I'm afraid I can't agree with you. These are not the result of normal sharing like you or I would do. It seems to be the result of someone purposely hacking the Gnutella network to disseminate their offal.

Since the hit you get is always EXACTLY the same as the search you entered, my guess is that they have constructed some kind of custom server software that uses the Gnutella protocol. For any query it receives, their application generates a positive hit by combining the query string and some other string like ".MPG" and ".URL". Then if someone takes the bait and goes to download the file, their server sends out one of its "payload" files using the constructed name.

None of the regular Gnutella clients could pull this off, and it's just not possible that these dolts are sharing files with names that correspond to EVERY possible search query.

As for the IP address of the spammer(s), there are now dozens of them. The latest update to Gnucleus has a list of them and it now supports blocking them! :D There are 44 IPs on the list so far. Some of them respond with your search plus MPG and URL, some of them respond with "secret paysite passwords" plus your search, and there are other combinations as well.

It seems one or more versions of this custom software is now making the rounds among the lowlife scumsucking leeches of the net, being traded or sold in the fetid, stagnant pools of reeking filth where these creeps brew their sleazy marketing schemes.

Since Gnutella is an open source protocol, you get the good with the bad. Anyone can write a Gnutella client - but anyone can also abuse the protocol for their own ends. That's what these stinking orifices are doing. And now that they've crashed the party, they'll never leave. We'll just have to learn to ignore their offensive odor, the same as we've had to do with their spam in e-mail and their pop-up ads on the web.
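The query-echo behaviour described in the post above can be turned into a client-side filter. This is an added example, not part of the original thread and not Gnucleus code; the `EchoFilter` class, the threshold of 3 and the sample hits are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

ECHO_THRESHOLD = 3  # assumed value: distinct queries a host must echo before blocking

def normalize(text):
    """Lower-case and collapse every run of non-alphanumerics to one space."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def echoes_query(query, filename):
    """True if the hit's name (minus extension) contains the query verbatim."""
    head, dot, _ext = filename.rpartition(".")
    name = normalize(head if dot else filename)
    q = normalize(query)
    return bool(q) and f" {q} " in f" {name} "

class EchoFilter:
    """Blocks hosts whose hits echo several unrelated queries word for word."""

    def __init__(self, threshold=ECHO_THRESHOLD):
        self.threshold = threshold
        self.echoed = defaultdict(set)  # host -> distinct queries it has echoed
        self.blocked = set()

    def filter_hits(self, query, hits):
        """hits: (host, filename, size_bytes) tuples; returns the hits to show."""
        for host, filename, _size in hits:
            if echoes_query(query, filename):
                self.echoed[host].add(normalize(query))
                if len(self.echoed[host]) >= self.threshold:
                    self.blocked.add(host)
        return [hit for hit in hits if hit[0] not in self.blocked]

# Constructed sample traffic; the addresses are RFC 5737 documentation ranges.
SAMPLE = [
    ("Dolby Blinded Science", [
        ("198.51.100.7", "Thomas Dolby - She Blinded Me With Science.mp3", 3900000),
        ("192.0.2.10", "Dolby Blinded Science.url", 115000),
        ("192.0.2.10", "Dolby Blinded Science.mpg", 28000)]),
    ("linux iso", [
        ("198.51.100.9", "linux iso.zip", 650000000),
        ("192.0.2.10", "linux iso.url", 115000)]),
    ("moon landing footage", [
        ("198.51.100.7", "Apollo 11 - Moon Landing Footage.mpg", 42000000),
        ("192.0.2.10", "free passcodes for moon landing footage.url", 115000)]),
]

def run_demo():
    """Feed the sample through the filter; return (blocked hosts, last result list)."""
    flt = EchoFilter()
    shown = []
    for query, hits in SAMPLE:
        shown = flt.filter_hits(query, hits)
    return flt.blocked, shown

if __name__ == "__main__":
    print(run_demo())
```

A single echo is not treated as proof, since an honest host can share a file whose name happens to contain the query; only a host that echoes several distinct queries is blocked, so its first few hits are still shown.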

ursula June 19th, 2002 02:16 PM

Hey, Cloudwatcher... (nice nick).......

Where exactly do we disagree?
I promise you that if we were talking about this subject in a private forum, my language would be a wee bit stronger than what I used in my above reply!

It IS some company pushing garbage with a really bad cheat that the majority will fall for.......

I find that I only get this [edit] if I do a search for some of the more rare things I am always looking for.
The thing seems to 'sense a degree of desperation' on the part of the searcher!!!!!! Geeeeeeeezzzz!!!!!

But.... BUT...... You are certainly affording far too great an ability, and a need for such ability, in regards to what we are really talking about...... Anybody can do it, right? I mean, it's just a link-file....... It's not the end of the world, right? No big anti-Gnutella Network conspiracy or anything remotely like it.... Just some more [edit]les trying to make a crude "buck" off the internet!

Never download any 28kb HTML files ;)

Hey, I even edited my own post about these [edit]ers who do this [edit]!

cloudwatcher June 19th, 2002 03:16 PM

Quote:

Where exactly do we disagree?
Well when I started this thread I thought I might be seeing evidence of Gnutella virus, but then when I found out what it really was, I called it a Gnutella spam. You said it's "not a Gnutella anything" and "please don't think of these things as of the Gnutella Network".

That's what I disagree with. This is a new kind of spam (or spam-like activity) that is ONLY spread via the Gnutella network and couldn't exist WITHOUT the Gnutella network.

Quote:

The thing seems to 'sense a degree of desperation' on the part of the searcher!!!!!!
Uhhh- I'm not sure where you're coming from with this one. I don't think your state of mind or the thing you're searching for really has much to do with it. I think the only thing that matters is whether one of these spambots is within your horizon when you do a search. If you're trying to say that it only kicks in when you do a porno search or something, well, I haven't found that to be the case. Why, I NEVER search for porn on Gnutella! :D

Quote:

It's not the end of the world, right? No big anti-Gnutella Network conspiracy or anything remotely like it...
Not a big conspiracy, but how about a lot of little ones... Wouldn't that have the same effect? ;) When you think about it, the whole concept of Gnutella is largely based on trust and goodwill. And the cretins who run these spambots are violating that spirit. They're in the same league as the jokers who purposely mis-label their files, only worse since they're doing it to turn a buck instead of just to be ornery. They are liars, and liars bug me, just on principle.

Sure, the tools they are using are crude enough now, and their tricks are mostly easy to ignore. But they add "noise" to the network and make it just a little harder to use. And you know they're not going to stop with these crude tools - they'll get more sophisticated, and Gnutella will suffer as a result.

Remember when pop-up ads were only used by porno sites? Now they're used by everybody who runs ads on the web - and web surfing is exponentially more annoying. How long until the noise overwhelms the "signal" in the Gnutella network? How long until somebody else uses this same tactic in a more aggressive fashion?

What if you did a search that returned 100 identical hits, yet 35 of them were actually spam in disguise? You'd stand a pretty good chance of getting a spam instead of the file you really wanted. Eventually, you'd start to download as many copies of each file as your bandwidth could handle, just to make sure you had at least one good copy in amongst the bogus ones. Multiply that increase by the number of users on the network, and you've got a pretty big bandwidth hit.

Not to mention what a pain it would be sorting out the fakes from the real files. Suppose RIAA started blasting out thousands of files that contained the first 45 seconds of a song, then switched over to a recorded announcement about file sharing being stealing?

I dunno. I'm not gonna cry all night over this or anything, it just ticks me off.

BTW - glad you like the nick! :cool:

sanelson June 20th, 2002 08:20 AM

Quote:

Originally posted by cloudwatcher


Well when I started this thread I thought I might be seeing evidence of Gnutella virus, but then when I found out what it really was, I called it a Gnutella spam. You said it's "not a Gnutella anything" and "please don't think of these things as of the Gnutella Network".

That's what I disagree with. This is a new kind of spam (or spam-like activity) that is ONLY spread via the Gnutella network and couldn't exist WITHOUT the Gnutella network.

What he meant by that was these people are also spamming other networks (FastTrack, WinMX, eDonkey, etc.) so it's not ONLY on Gnutella, and this is true. I don't think they use the same tactics on the other networks (they might; I rarely use the other networks anymore), but they still spam them.

cloudwatcher June 20th, 2002 10:24 AM

Well, you have a point there. To be honest, I don't spend very much time paying attention to this stuff. Certainly not to the point where I know every type of file-sharing system that exists and what type of technology it uses. I wasn't aware that those (eDonkey, WinMX) were distinct filesharing networks. I thought they were just different clients or something. :p

Whatever. This is getting silly. I don't want to argue semantics or talk politics. I just wanted to find out what was going on with these weird hits I was getting. And I was surprised that spammers had already devised a way to bend "peer-to-peer file-sharing technology" (to use the technically correct, inclusive term) to their own slimy ends. That's all.

Mtekk July 2nd, 2002 07:50 AM

With Gnucleus 1.8.4 you can block spammers. If you download it from online it automatically stops spammers with a list. I ran into this problem while beta testing a client I created.

cnshht February 15th, 2010 09:55 PM

Ok, this is a really old thread so I guess I can use it to follow the suggestion that I post to freshen-up my activity here ("Hello cnshht it appears that you have not posted on our forums in several weeks, why not take a few moments to ask a question, help provide a solution or just engage in a conversation with another member in any one of our forums?")

Due to the nature of my connectivity, I've been unwilling to risk sharing my files for quite a while, thus endangering my associates, here in the USA where legal threats from large corporations and their sponsored organizations.... I thus felt like a leech and my P2P activity was minimized. I was away for a while....

I came back and found the above-described phenomenon in full force. Valid search results were deeply immersed in trash, to the point where my searches were sometimes completely futile. My theory is similar to that above. Certain corporate interests are funding a deliberate spoiling of P2P by intercepting search queries, generating matching trash files, and quickly sharing them. I was able to wade through the trash by using careful queries and avoiding the "matches" described above. But it quickly occurs to me that a well-funded group employing script-writers and programmers can cripple P2P with ever-more complex routines that basically result in ever-increasing denial-of-service....

And public discussion of the phenomenon might even help those spoilers, so I feel gagged by my own preference for filesharing freedom. If anyone sees this and wants to offer a peptalk or a few links to help me fight the spoilers in my spare time, ...that would be welcome.

ukbobboy01 February 15th, 2010 11:12 PM

Well cnshht (how do you pronounce that name?)

You've summed up the current and ongoing problem with the gnutella network, not to mention the planted viruses and booby trapped software.

However, your idea of fighting this problem is somewhat surprising considering that you have large companies, major western government organisations all trying to stop their computer users from using P2P apps and facilities by whatever means.

Consequently, I do strongly disagree when you said:
Quote:

And public discussion of the phenomenon might even help those spoilers
I believe the only way to offer protection to P2P users is discussion, like we are having now, and educating users to spot and avert the network's dangers.

But saying all that, once using the P2P stops being fun then, I guess, most people, like myself, will just stop using it.



UK Bob

cnshht February 16th, 2010 12:47 AM

Sure there's hope....
 
As a relatively ignorant end-user (who can't get i2Phex to install) I do have vague hopes that P2P client developers will feel intrigued by the challenge of defeating Megacorporate programmer-goons, and pass along to me the fruits of their efforts at some point. I'm historically a Phex-user (came here looking for clues to this conundrum) and I see signs of an adaptive move toward private networks, etc. I hope to study it in the future. You bet I'd like to see P2P evolve into something that makes those media conglomerates who are funding denial-of-service efforts wish they'd never screwed with P2P.

Could blacklisting be refined by a dynamic service that works within our client programs, so that when we send a query and shortly afterward receive garbage results that contain our exact string, those hosts are filtered or auto-blocked...?

Beyond that, ...would it be possible for a script or program/module to be written that would identify/track-back the hosts of the spoilers, and target THEM with enough retaliatory traffic that their own rotten activity becomes untenable? They are doing something that no public-minded P2P user would engage in. Can their activity be used to dynamically and automatically identify them and retaliate? Can we respectful users, in our greater numbers, with the help of those developers who don't like seeing the fruits of their previous labor spoiled... ...can we all run a program that identifies the garbage-spewers and targets them with noise, denying THEM the ability to deny service to others?

Surely we are as free to do that, as they are to do what they do. I for one would be happy to host an add-on module or program that gives them a dose of their own poison....

cloudwatcher February 25th, 2010 07:06 PM

Wow, I have never seen a thread as dead as this one brought back to life before. Did I really post here 8 YEARS ago?! Sheesh...

Cnshht, it's been a long time since I fired up Gnucleus, so maybe I'm out of the loop, but why do you assume it's "Certain corporate interests are funding a deliberate spoiling of P2P by intercepting search queries, generating matching trash files, and quickly sharing them" with Ukbobboy chiming in about "large companies, major western government organisations all trying to stop their computer users from using P2P apps and facilities by whatever means."

It sounds like you think this is some kind of conspiracy to destroy P2P. But an equally good explanation is that it's just the usual crop of small-time, quasi-crooked spammers up to their usual tricks trying to make a buck. In fact, it seems a lot more likely to me.

cnshht February 25th, 2010 07:55 PM

Perhaps both sorts of spoilers are "out there." But my experience is that the "trash files" are tiny in size, and when I have attempted out of curiosity to download them, they don't move. When I said "quickly sharing them," I was maybe a bit unclear. I meant their scripts/programs/bots broadcast the files as "shared" search results. Not that they are actually "sharing", i.e. that P2P users are actually downloading the sham files in all their multiples. The hosts do not at all seem to be trying to get P2P users to download a spam/advert in any form. I have yet to see any spam-like adverts, messages or commercial content at all behind the mechanism I've observed, where search queries are used to generate fake results. So how does anyone "make a buck" doing it? They're just jamming the protocol so it can't be used. It seems specifically designed as a denial-of-service activity. Therefore it seems most likely to me that the sponsors of this activity are those who feel they are losing profits because of file sharing. i.e. large recording/media companies and their industry associations.
Cloudwatcher, have you downloaded a search result that mimics your query and turns out to be a file trying to sell you ******? Or to sell you anything? Or direct you to a website that does try to? I haven't. There's nothing there. It's just electronic jamming of search activity. High volume. Many many hosts. Has the appearance of an organized, targeted effort.


All times are GMT -7.