Kazaa trial highlights P2P dangers

Kazaa's parent company Sharman Networks is currently involved in the largest copyright infringement case in Australian history and record industry heavyweights hope it will stop illegal P2P file sharing activity and provide some compensation for past copyright infringements.

However, security experts say that the trial has also highlighted the fact that by allowing -- or not actively stopping -- P2P use, companies are opening their internal networks to spyware, adware, viruses and Trojans.

Graham Connolly, territory manager Australia and New Zealand at Internet security firm Websense, said that in a recent survey the company found that almost a third of Australian organisations do not have an Internet access policy and only a quarter have software protection against P2P file sharing applications.

"P2P applications open a door for viruses and other malicious content outside of copyrighted material. Many viruses now use P2P to propagate, such as MyDoom did, by copying itself to Kazaa folders and naming itself Winamp3 (for playing music)," said Connolly.

Connolly estimates that at any given moment, roughly 5 million users are swapping more than 900 million files via P2P networks.

"Given these stats it would be naïve to think this activity is restricted to the home. Many organisations have unlimited Internet access, fat pipes and large amounts of hardware. This is the perfect recipe for bored employees to access P2P networks and download movies, music, games, software, or porn," said Connolly.

Vincent Gullotto, vice president of McAfee's antivirus emergency response team, said that 2004 has seen a massive increase in adware found on corporate systems and companies have been slow to react to the potential dangers.

"There is a lot of spyware and adware out there today but it is the adware that is the problem. Some people don't care about adware but today's spyware does what tomorrows adware will do -- and take personal information. Adware is not just looking at where [people] surf so it can throw a custom advert at them. It can also download a bot that makes your machine vulnerable or turns it into a zombie," he said.

But it is not only the shared files that create a risk. Professor Leon Sterling, chair of Software Innovation and Engineering for the Department of Computer Science and Software Engineering in the University of Melbourne, who was giving evidence at the Kazaa trial in Sydney on Tuesday, said that the P2P applications themselves could be spying on their users.

Sterling said that although he was unable to identify whether statistics about user activity was being collected by the developers of Kazaa, he thought the application "could have been designed in order to do this".

"Kazaa Media Desktop (KMD) could easily collect statistics that could be gathered at supernodes if it does not do so already," said Sterling.

Kristyn Maslog-Levis contributed to this report