Every minute, tens of thousands of e-mail addresses are accidentally shared over peer-to-peer (P2P) networks as novice users unknowingly disclose their contacts' e-mail addresses, exposing millions of users around the globe to the receipt of unsolicited mail.
But, according to Israeli start-up Blue Security, even the most careful of users may be at risk due to their contacts' carelessness.
Blue Security will launch a Do-Not-Disturb Registry (beta service) later this year, which it says will give consumers and enterprises a choice about spam and spyware.
Blue Security's research team today revealed that spammers routinely perform "peer-to-peer harvesting", systematically locating and harvesting data to update their mailing lists with high quality e-mail addresses, enabling them to distribute spam to millions of users.
The recent study by Blue Security uncovered hundreds of incidents where files containing e-mail addresses were made accessible to any Internet user. Blue Security noted that the errors were probably the result of lack of knowledge by novice users or carelessness when selecting the directories they chose to share with others.
P2P networks are used by many Internet users to share data; most notably music and video files. P2P file sharing means that shared files located on one computer are made available to every other computer on the Internet. Most users exercise discretion when deciding which files to share and which to keep private, but some inadvertently share confidential files.
The study found many cases of accidental sharing of Microsoft Outlook and Outlook Express data files containing e-mail addresses and other contact information of friends and colleagues, as well as e-mail messages, meetings, tasks and notes. Other documents such as text, MS Word or MS Excel files containing e-mail addresses and mailing lists were also found in large quantities. These files were easily found by simply searching for files containing words such as "e-mail" and "addresses" in their names.
Blue Security ascertained that once accidentally shared, e-mail lists are quickly "P2P harvested" by spammers.
This technique allows spammers to even bypass "white-lists," which were so far considered to be a very powerful method of filtering unsolicited mail. A white list is considered to be a powerful filtering technology, allowing only messages from trusted senders to reach the user's inbox, but it is of no use when a spammer can now send messages appearing to come from one of the recipient's contacts.
Another interesting finding is that spammers not only harvest e-mail addresses from P2P networks, they also use P2P to share bulk-mailing software and harvested e-mail address lists among themselves.
This means that mistakes in file sharing cannot be corrected even a file that was accidentally shared for a short period of time can immediately becomes available through other users that continue to share it well after the original owner realizes the mistake.
Unlike web harvesting, where addresses are picked up from a web site, P2P harvesting cannot be easily avoided. Existing solutions based on various types of filters are always several steps behind spammers and scammers.
Blue Security believes that the novel approach employed by its Do-Not-Disturb Registry will eliminate spam and spyware for enterprises and consumers alike.
Published by Globes [online], Israel business news - www.globes.co.il - on Monday, April 18, 2005