Home / Blogs

P2P as a New Spam Medium, Moving From PoC to Full Operations

Spam on P2P networks used to be mainly with advertising inside downloaded movies and pictures (mainly pornographic in nature), as well as by hiding viruses and other malware in downloaded warez and most any other file type (from zip archives to movie files). Further, P2P networks were in the past used for harvesting by spammers.

Today, P2P has become a direct to customer spamvertizing medium. This has been an ongoing change for a while. As we speak, it is moving from a proof of concept trial to a full spread of spam, day in, day out.

The idea is not new, but now it is becoming serious.

Some choice picks:

eBook - Googlecash - Make Money using google (Learn to use Affiliate programs to make easy money).pdf
Us Banks Acounts Information [Dir]
How To Create An Automated Ebay Money Machine.pdf
Easy Chair Millionaire Review.pdf
Press Equalizer Review - Flood Your Site With Targeted Traffic, Achieve Top Rankings and Gain Dozens or More Backlinks.pdf
Top Home Based Jobs [Dir]

And so on. These are just some of the scams now being pushed over P2P.

We discussed this before; it started with fake books on the subject of online marketing, and now it has gone all the way to spammers/phishing/“affiliate programs”/spyware (or in other words online fraud related organized crime groups) looking for new ways and mediums by which to reach target audience, with email becoming more and more scrutinized and filtered.

Using P2P is just the latest in a long line of mediums, ranging from the fax machine to IM and comment spam on blogs. In the past we have seen proof of concept spam seeding on P2P networks, now and for the past month in general, it has become common practice and covers everything from click fraud to full-fledged phishing and money mule recruitment.

I fully expect this medium to become more important to the bad guys, as many as there are Internet users on P2P networks. Further, the bad guys are already diversifying their spam seeds, moving from just eBooks and downloadable books in PDF format to others file types. These are sent through .DOC, and even inside directories for download.

So, how do people filter P2P searches and downloads? Do they in any way intend to? How do P2P networks intend to deal with this?

Most likely, they don’t and won’t. I don’t really see organizations implementing anti-spam products for P2P (not that these exist), nor do I see ISPs protecting their users on P2P (when they generally don’t want them there).

P2P will remain one of the worst mediums for infecting users with malware, and now it will become a very busy spam location. I wonder for how long users will be able to download on P2P networks without encountering mainly fakes. So far, spammers have not been imitating “legitimate” P2P files such as, say, MP3 songs, but it is not far in the future when this will happen.

At that time, the P2P networks which will react will survive. It won’t be easy. Especially as I don’t predict they will do so until it is, by far, too late. Much like with spam, botnets and spyware, threats are generally ignored until they become very painful. In my opinion the Bit Torrent network will be easier to control, as downloads can be verified if seeded and advertised via trusted sites. Large torrent sharing sites are the main threat.

By Gadi Evron, Security Strategist

Filed Under


Gadi Evron  –  Nov 22, 2006 8:12 AM

Author comment:
“eBook - Googlecash - Make Money using google (Learn to use Affiliate programs to make easy money).pdf” -
Is a real book, seeded on P2P. We can call this a false positive.

Anonymous Coward  –  Dec 5, 2006 1:57 PM

Well, for torrent networks, i guess the torrent lists will be moderated. Or that submissions are marked using a karma-system. I fail to see that it will be a problem.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global