P2P: The Promise and the Peril
By Lincoln D. Stein
March 2001 was a bad month for peer-to-peer networking. It started with the appearance of Mandragore, a virus that spreads via the Gnutella P2P file-sharing service. Then, on March 5, a federal judge ruled against the most visible of the emerging P2P systems, Napster, ordering the company to block the distribution of copyrighted songs. Do the twin risks of legal suppression from the outside and viral corruption from within threaten to nip P2P in the bud?
Peer-to-Peer Viruses
Although Mandragore has been billed as the first P2P virus, it actually has predecessors that can be traced back almost a year. The simplest form of P2P virus was invented sometime in the spring of 2000 by Michael Fix of New Paltz, NY, as a form of public protest against the Napster music-swapping service. He designed what he calls a "cuckoo's egg," an MP3 file with a filename that indicates that it contains a copy of a popular song. However, the cuckoo's egg actually contains about 20 seconds of the real song followed by a jarring announcement that "you must have goofed up somewhere." This is followed by the sound of a cuckoo clock chiming repeatedly, as many times as needed to pad the file to the expected size and duration.
Fix loads his home computer with many cuckoo's egg files, fires up the Napster client, and leaves it running all night. The theory is that people download the doctored songs and leave them on their hard disks without listening to them all the way through. Before they discover the trick, others have downloaded the cuckoo's egg files and spread them in a virus-like fashion.