"They're going into P2P networks and harvesting addresses accidentally shared, then spamming every address they find," said Eran Reshef, the chief executive and co-founder of Blue Security. Spammers usually use Directory Harvest Attacks, where they flood mail servers with thousands of address variations, hoping to get a response when a valid address is queried. Harvesting on P2P networks is not that complicated either, and even if you don't have your email address shared, some one of your friends might have yours shared accidentally.
"All it takes is one person you know, who you've sent an e-mail address," said Reshef. "This friend of yours has your e-mail address somewhere in his files, likely in his Outlook .pst file. He doesn't know P2P, and rather than share just some songs, sets the file-sharing software to share his entire hard drive, including his Outlook.pst file for spammers to find and see." Blue Security set up 500 virgin e-mail accounts, listed those addresses in several files on a PC connected to the eDonkey2000 and Gnutella file-sharing networks, and shared the directories the files were in.
Only 1 day later the addresses had received over 100 pieces of spam. After three days, that number had risen to 300 and after two weeks the addresses were collecting about 100 a day. "Addresses found in a P2P harvest are likely to be spammed for a long time as the addresses are harvested and re-harvested by new spammers," said Reshef. "They're likely to stay on the network and simply circulate." However, for now the spammers can be sure that the email addresses they receive harvesting P2P networks are probably real.
The best thing to recommend for users is to make sure you are not sharing any private directories; this is easily achieved by not sharing that many folders, and by creating specific folders just for the purpose of sharing files and nothing else. Maybe we should fight back by sharing Outlook.pst files with thousands of fake email addresses? Just to make it a headache for spammers to find real addresses.
Source:
InformationWeek
Written by: James Delahunty @ 19 Apr 2005 16:38