Leaving aside those pesky copyright concerns, the users of file-sharing peer-to-peer (P2P) networks such as Napster, Gnutella, Limewire, and the like thought they had some pretty cool tools on their hands. But in addition to attracting the ire of the recording industry, the P2P network quickly became a playground for cybercriminals.
Early in 2002, the Gnuman worm — aka Mandragore — began to spread among Gnutella users. Gnuman wasn’t particularly malicious; it was a proof-of concept worm designed to show how a virus could spread through a P2P network. The worm’s file name changed to the name of whatever file the unwitting Gnutella user had most recently requested. But instead of returning a media file as the search result, a Gnuman-infected machine served up a .exe file of exactly 8,192 bytes containing the virus.
P2P network worms provide early cases of ransomware
Once the proof-of-concept was established, virus creators became more nefarious. A later worm, Kenzero, appeared in 2010 and was not only a P2P worm, but also an early example of ransomware. Kenzero originated in Japan and targeted users of the P2P network Winny, a trading spot for illegal copies of Hentai games, an explicit form of anime.
The infected user’s computer would display what seemed to be a game installation screen, but was actually a phishing tool. Kenzero then accessed and stored the user’s browser history, which was then published online. Then, via email or pop-up, Kenzero demanded a ransom payment of 1500 yen to remove the posting.
In 2019, the Het Nieuwe Institute in the Netherlands curated an exhibit featuring artistic interpretations of various viruses, including Kenzero — which might be the only good to come out of the P2P virus scene.
Photo: tadamichi / Shutterstock