Blue Security has a report up showing a test they ran which proves there are people out there collecting email addresses via P2P programs, and that those email addresses are then being sent spam. It doesn't mean the people collecting the emails are the spammers; they could be reselling the data. In the end, though, it doesn't really matter either way.
The general idea isn't a new one, and as usual it plays off of people either being careless or ignorant about the programs they are installing. When you install a P2P program, you have the option of what drive/folders you will share out to the outside world (other people using a P2P program compatible with your program). All of the programs I have seen these days default to a single folder which you have to put the content into (which is usually the same folder that you download P2P content into), but it is definitely possible to override that and share out your whole computer.
If you do share out the whole computer, then the P2P program will index all of the files and allow people to see the results in their searches, and then allow them to download the content. So they can search for files known to store email data, like those of Outlook Express, or certain installs of Outlook (and also backup files).
The best way to stop this from happening to you is to not use P2P programs at all. Other options range from stopping all traffic on the ports which that type of program uses (via a firewall, a common step in a corporate setting) to stopping the movement of certain types of files through the firewall.
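For anyone who keeps a P2P client installed, the check that matters is what the shared folder actually exposes. The following is an added example, not code from the original post or from Blue Security's report: it walks a shared folder and flags mail stores and address books. The extension list, the backup suffixes and the function names are assumptions chosen for illustration.

```python
import os
import sys
from pathlib import Path

# Assumption: extensions commonly used for mail stores and address books.
# .dbx = Outlook Express folders, .pst/.ost = Outlook data files,
# .wab = Windows Address Book, .mbx/.mbox = other mail clients' stores.
MAIL_STORE_EXTS = {".dbx", ".pst", ".ost", ".wab", ".mbx", ".mbox"}
# Assumption: backup copies keep the original name with a suffix appended.
BACKUP_SUFFIXES = (".bak", ".old", ".backup")


def is_mail_store(name: str) -> bool:
    """True if the file name looks like a mail store or a backup of one."""
    lower = name.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix):
            lower = lower[: -len(suffix)]
            break
    return os.path.splitext(lower)[1] in MAIL_STORE_EXTS


def share_is_too_broad(share_root: Path) -> bool:
    """True if the share is a drive root, the home directory, or a parent of it."""
    root = share_root.resolve()
    home = Path.home().resolve()
    return root == Path(root.anchor) or root == home or root in home.parents


def audit_share(share_root) -> dict:
    """Walk the shared folder and report what a remote search could find."""
    share_root = Path(share_root)
    exposed = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            if is_mail_store(name):
                exposed.append(os.path.join(dirpath, name))
    return {"too_broad": share_is_too_broad(share_root), "exposed": sorted(exposed)}


if __name__ == "__main__":
    report = audit_share(sys.argv[1] if len(sys.argv) > 1 else ".")
    if report["too_broad"]:
        print("WARNING: share covers a whole drive or your home directory")
    for path in report["exposed"]:
        print("mail data exposed:", path)
    sys.exit(1 if report["too_broad"] or report["exposed"] else 0)
```

Run it with the folder configured as the share in the P2P client; a non-zero exit status means the share is too broad or contains mail data.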
But in the end it boils down to whether or not you know the software you are running and how well you know it. In the case of something like P2P, the potential is there for abuse if the initial settings are changed.
What I am curious to know is how many of the installs out there are not at their default settings. Then, once you see those who have changed those settings, are they more along the "Power User" side, which is less likely to share out their whole drive anyway?
The most interesting point of the article is that Blue Security actually put a system out there with files exposed and showed that people are in fact exploiting available files (taking them, and then sending spam to the addresses in them). This wouldn't be getting exploited if there were too few cases for it to matter. So however large the number is, it is large enough at this point to merit the spammers' energy being spent on it.
Posted by Eric at April 24, 2005 10:14 PM