Author Topic: BitDefender warns users of P2P networks of a new threat  (Read 6214 times)

Hard_ROCKER

  • Guest
BitDefender warns users of P2P networks of a new threat
« on: April 29, 2007, 11:31:13 AM »
Don't know if this has been posted already?

Source: http://www.networktimes.co.za/news.aspx?pklNewsId=24546&pklIssueId=622&pklCategoryID=196

The Ymeak.A worm has been spreading like wildfire, in part due to a simple yet effective social engineering technique: it masquerades as an installer executable of some popular program.

When it is first run, the worm displays a message ('The setup file is corrupted') to lull the user into a false sense of security. It then proceeds to download and install the RBot trojan. This done, the trojan begins to spread itself from the victim's computer using any of five file-sharing networks (Limewire, Shareaza, Bearshare, Morpheus or Morpheus Ultra) as a vector and a new name.

"The bit of evil genius here is that the name for each new copy of the worm is chosen at random from certain torrent and direct download sites. This way, the worm will always have an attractive name, so people will attempt to download and run it," declared local BitDefender distributor Grayford Holton.



P2P users beware!

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: BitDefender warns users of P2P networks of a new threat
« Reply #1 on: April 29, 2007, 08:50:16 PM »
I think it's safer (but not safe!) to use torrent programs instead of direct P2P  ;)

Hard_ROCKER

  • Guest
Re: BitDefender warns users of P2P networks of a new threat
« Reply #2 on: April 29, 2007, 09:43:06 PM »
The worm can be contained in torrents as well. The thing is, the .torrent file in itself is clean, as it only contains information on where to connect to get the desired files, but those files could contain a nasty, so you would only know that it's a nasty after you've already downloaded it. Always read comments on torrents, as usually people comment on the bad releases, and scan the contents of your downloads before you run them. There is a lot of malware being distributed through torrent sites my friend, so be very careful ...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: BitDefender warns users of P2P networks of a new threat
« Reply #3 on: April 29, 2007, 10:28:29 PM »
Hi Darth_Mikey,

Because of the dangers of P2P and Skype for instance, asynchronous filtering is needed, look here for a free open source one: http://www.lynanda.com/products/software-for-corporations/traffic-filtering/how-to-use-our-traffic-analyzer

Why do these people not use the BML program, which is an IP List Management Tool from B.I.S.S., specially designed to keep you out of the claws of either the nasties or the undesired global overseers? For info on this list go here:
http://www.bluetack.co.uk/forums/index.php?showtopic=8098

But the Internet is like the ocean, an ever-changing vastness, not easily managed,

polonus
« Last Edit: April 29, 2007, 11:33:06 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: BitDefender warns users of P2P networks of a new threat
« Reply #4 on: April 30, 2007, 09:05:46 AM »
The worm can be contained in torrents as well. The thing is, the .torrent file in itself is clean, as it only contains information on where to connect to get the desired files, but those files could contain a nasty, so you would only know that it's a nasty after you've already downloaded it. Always read comments on torrents, as usually people comment on the bad releases, and scan the contents of your downloads before you run them. There is a lot of malware being distributed through torrent sites my friend, so be very careful ...

I'm usually downloading music and movies, but yes... I'm reading all comments before downloading any file  ;)

Hard_ROCKER

  • Guest
Re: BitDefender warns users of P2P networks of a new threat
« Reply #5 on: April 30, 2007, 02:07:59 PM »
@Ylap: That's good my friend, you can never be too careful ;)

@Damian: I use Peerguardian + Blocklist Manager (from B.I.S.S.) for blocking those unwanted IPs. I don't use Protowall because I had nothing but problems with that one.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: BitDefender warns users of P2P networks of a new threat
« Reply #6 on: April 30, 2007, 03:30:09 PM »
I use Peerguardian
Do you know how it works? I mean, technically?
The firewall should block the inbound connections, so why do we need a second application to block inbound activities from specific IPs?
The best things in life are free.

Hard_ROCKER

  • Guest
Re: BitDefender warns users of P2P networks of a new threat
« Reply #7 on: May 01, 2007, 12:17:51 PM »
Usually we use PeerGuardian to block unwanted connections from known bad IPs while we are P2P-ing. Those bad IPs could be from fake P2P file sources, anti-P2P companies, government servers, spyware servers, ad trackers etc. All of these IPs are contained and updated in blocklists (like the ones from Bluetack) and PG constantly reads those lists, and if an IP from that list tries to establish a connection to your PC then PG simply blocks it.

But PG can block all traffic, not just for P2P programs. It can also work with HTTP, so if you try to connect to a certain IP via the HTTP protocol and it is contained in the blocklist, it will block it. You can also make your own lists and exclusions.

Now I will try to find a more TECHnical explanation for you ... Here is the wiki link for PG manual  LINK

Go here for more info on what those Blocklists from B.I.S.S. contain. I recommend using these instead of the default ones PeerGuardian uses (blocklist.org) because they are more often updated.  LINK

You can use Blocklist Manager to get those lists and then export them into Peerguardian.
With Blocklist Manager you can even export those lists into some firewalls like ZA Pro.
The program also has some nice extra features like whois and traceroute.

Read the links I gave you and then try both of these programs and let us know what you think ...


EDIT: Here are the download links for Peerguardian and Blocklist Manager

Peerguardian  LINK

Blocklist Manager  LINK
« Last Edit: May 01, 2007, 12:28:06 PM by Darth_Mikey »
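
The blocklist matching described in the post above, as an added example that is not part of the original thread and is not PeerGuardian's own code: it parses range lists in the `label:first_ip-last_ip` text format, merges overlapping ranges, and lets user exclusions override a blocklist hit. The sample entries are constructed from documentation address space, and the function names are hypothetical.

```python
import bisect
import ipaddress

# Constructed sample in the PeerGuardian "P2P" text format: label:first_ip-last_ip
SAMPLE_BLOCKLIST = """\
# constructed entries; lines starting with '#' are treated as comments here
Example fake file source:192.0.2.0-192.0.2.127
Example ad tracker:192.0.2.100-192.0.2.200
Example spyware server:198.51.100.7-198.51.100.7
broken line without a range
"""
SAMPLE_EXCLUSIONS = "Trusted host:192.0.2.50-192.0.2.50\n"

def to_int(ip):
    return int(ipaddress.IPv4Address(ip.strip()))

def load(text):
    """Parse P2P-format text into sorted, merged (start, end, label) ranges."""
    ranges = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        label, sep, span = line.rpartition(":")  # labels may contain ':'
        first, dash, last = span.partition("-")
        try:
            start, end = to_int(first), to_int(last)
        except ValueError:
            continue  # malformed line: skip it rather than abort the whole list
        if sep and dash and start <= end:
            ranges.append((start, end, label.strip()))
    merged = []  # merge overlaps so a single binary search answers a lookup
    for start, end, label in sorted(ranges):
        if merged and start <= merged[-1][1]:
            s, e, lab = merged.pop()
            merged.append((s, max(e, end), lab + " / " + label))
        else:
            merged.append((start, end, label))
    return merged

def lookup(index, ip):
    """Return the label of the range containing ip, or None."""
    value = to_int(ip)
    pos = bisect.bisect_right(index, (value, float("inf"), "")) - 1
    hit = pos >= 0 and index[pos][0] <= value <= index[pos][1]
    return index[pos][2] if hit else None

def decide(ip, blocked, excluded):
    """User exclusions take precedence over the blocklist."""
    hit = lookup(excluded, ip) is None and lookup(blocked, ip) is not None
    return "block" if hit else "allow"
```

A real filter applies the same decision to the remote address of each connection, inbound or outbound, which is why it also affects HTTP traffic to listed addresses.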

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: BitDefender warns users of P2P networks of a new threat
« Reply #8 on: May 01, 2007, 03:41:57 PM »
Thanks for the very good explanation Darth_Mikey.
I already use Blocklists from Bluetack.co.uk into Peerguardian.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5087
Re: BitDefender warns users of P2P networks of a new threat
« Reply #9 on: May 01, 2007, 06:58:31 PM »
Also Peerguardian is available for OS X if any of you reading this are on a Mac
http://phoenixlabs.org/pgosx/
"People who are really serious about software should make their own hardware." - Alan Kay

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: BitDefender warns users of P2P networks of a new threat
« Reply #10 on: May 01, 2007, 07:43:41 PM »
It's a pity that they don't release a Linux version  :-\ :'(
Does anybody know anything about MoBlock?

Hard_ROCKER

  • Guest
Re: BitDefender warns users of P2P networks of a new threat
« Reply #11 on: May 02, 2007, 08:49:28 AM »
I would try it out but unfortunately I don't have Linux installed over here. Still waiting for stupid Creative to release Linux drivers for X-FI series soundcards.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
Re: BitDefender warns users of P2P networks of a new threat
« Reply #12 on: May 02, 2007, 11:15:06 AM »
Hi malware fighters,

Darth_Mikey, thanks for the heads up on this malware, and here is the full technical description from BitDefender:
http://www.bitdefender.com/VIRUS-1000079-en--Win32.Worm.VB.Ymeak.A.html

polonus