|
A recent study conducted by Blue Security reports how Internet users can unknowingly expose their contacts’ emails addresses to Spammers while sharing files, music, games and DVDs over Peer-to-Peer (P2P) networks.
The study has uncovered hundreds of incidents where files containing email addresses were made accessible in P2P networks. Internet users utilizing P2P networks to share files unwittingly expose and accidentally share Outlook and Outlook Express data files containing email addresses and other contact information of friends and colleagues, as well as email messages, meetings, tasks and notes. Once exposes, these email lists are quickly harvested by Spammers.
During this study, the research team conducted a P2P harvesting test to determine how quickly Spammers can access and steal email addresses and personal information. It took only three days on two major P2P networks for all personal information to be downloaded approximately 25 times each—and for 700 spam messages to be received from six different spammers. No phishing or viruses were sent to the addresses, just commercial spam and email scams.
Additional findings in the report include:
“Every minute, tens of thousands of email addresses are accidentally shared over P2P networks, exposing millions of users around the globe to unsolicited email. Most users are unaware that this is happening to them and current technologies do not stop these types of attackers,” says Eran Reshef, Blue Security’s chairman and CEO. As a result, Reshef’s company has worked on offering a solution based on a do-not-disturb registry approach to be release later this year.
Sponsored byCSC
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign
A few questions - first, do you seriously expect spammers - especially the trojan using sort that’d exploit p2p networks - are going to seriously look at your do not disturb list?
That, and the FTC last year raised several correct and valid objections against a do not email registry, in their report to congress. http://www.ftc.gov/reports/dneregistry/report.pdf and http://www.newstarget.com/000427.html
Other do not call lists have been tried, such as the DMA’s e-mps, and have mostly if not all fallen by the wayside.
Finally, for a circleid story, I’d have expected less marketing / press release type wording and more statistics, or a claim that a “solution” exists - none does, mitigation perhaps, but not a solution.
But then, your circleid profile says
Name: Eran Aloni
Occupation: Director of Marketing
Website: www.bluesecurity.com
I would put it to you that prnewswire would be a much more appropriate place than circleid to plant press releases.
regards
—srs
Spam is odd in the sense that practices change so drastically and suddenly. A couple of years back, if you wanted to be spammed, you put an email address on a web page and let it be harvested. I put a few spammer-bait addresses on a web page recently, and the spam that arrives there is almost exclusively 419 spam, and not a whole lot of it. Maybe I need to seed a higher-profile web page.
Using an email address on Usenet appears to be a much better way of attracting spam than the web-publishing approach, although there again you won’t attract the full gamut of spammers. My Usenet address attracts daily eBay phish attempts, and quite a few MMF scams, but not the Via’gra spams which do a much better job of locating my real email addresses.
After seeing this report last week, I confirmed that it’s possible to scrounge up email lists via P2P file-sharing networks. But anyone who is unknowingly exposing such lists is in much bigger dangers than simply receiving more spam. Chances are they’re also sharing the contents of their entire hard disk. Does Blue Security have a solution for that, too?