God damn kazaa to eternal hell.
Any attacker who can control 100,000 machines is a major force on the internet, while someone with a million or more is currently unstoppable: able to launch massively diffuse DDOS attacks, perform needle in a hayfield searches, and commit all sorts of other mayhem. We already understand how worms could be used to gain control of so many machines. Yet the recent revelation that Brilliant Digital Media has bundled a small trojan with KaZaA has underscored another means by which an attacker could gain control of so many machines: poorly secured automatic updaters. If an attacker can distribute his own code as an update, he can take control of millions of machines.
Brilliant Digital plans to create Altnet, a distributed, "secure" network of clients to harness the unused storage, bandwidth, and computation residing on the machines of users across the country, in a manner which prevents the clients from altering or even reading the information. An entertaining if horribly flawed business model [1], except for the means they have selected to build their network.
Brilliant Digital bundled an officially allowed, small trojan program with KaZaA which periodically connects back to their servers and downloads an update (eventually the Altnet P2P software). This trojan is now incredibly widespread: during the week of March 25th, KaZaA and the bundled trojan were downloaded 2.6 million times from CNet alone!
Very scary stuff.
News source: Slashdot
View: The article