Investigating Spyware in Peer-to-Peer Tools

Peer-to-Peer (P2P) tools are used exclusively when their users are connected to the Internet, which makes them a good foundation for online advertising that helps finance further tool development. Although software that displays ads (adware) is very common, activity-monitoring or information-collecting software that spies on users (spyware) may also be installed together with the P2P tool. This paper presents a method for examining P2P tool installations and test results from a few of the most common P2P tools. It also discusses whether these tools, with their bundled software, make any privacy intrusions. Finally, the method itself is evaluated and refinements are proposed.


1 Introduction
1.1 Background
1.2 Problem formulation
1.3 Terminology
1.3.1 Privacy intrusion
1.3.2 Adware
1.3.3 Spyware
1.3.4 P2P technology
1.4 Related work
2 Investigation
2.1 Selected P2P tools
2.1.1 BearShare v4.1.1
2.1.2 ICQ 2002a Build 3728
2.1.3 iMesh 3.1
2.1.4 Kazaa Media Desktop 2.0
2.1.5 Morpheus 2.0
2.1.6 eDonkey 2000 v35.16.61
2.2 Laboratory environment
2.2.1 Hardware
2.2.2 Software
2.2.3 Shared files
2.2.4 Network
2.2.5 Cloning system
2.3 Method description
2.3.1 Techniques and tools
2.3.2 Analysis method
3 Analysis
3.1 File system lists
3.2 Firewall logs
3.3 Registry data
3.4 Network data
3.5 Ad-aware logs
3.6 Identified components
4 Discussion
4.1 What kind of components are a couple of well known peer-to-peer tools bundled with?
4.1.1 Sentry.exe in Morpheus
4.1.2 Eac Rvndl in iMesh
4.1.3 Further thoughts
4.2 Do these activities intrude on user privacy?
4.3 How can an investigation method that discovers privacy intrusive components be constructed?
4.4 Planning of analysis vs. analysis results
4.5 Correctness of collected data
4.6 Analysis tool proposal
5 Conclusion
5.1 Conclusion
5.2 Future work
6 Appendices
6.1 Hardware specification
6.2 Application base specification
6.3 Web surfing script
6.4 P2P tool investigation work list
6.4.1 Installation
6.4.2 Running the tool (30 min/100 min)
6.4.3 Removal

Authors: Martin Boldt, Johan Wieslander

Source: Blekinge Institute of Technology
