Yes, there are some relatively safe sites, but users visiting them may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. Some P2P programs are also configured to allow other P2P users on the same network open access to a shared directory on your computer by default. If your P2P program is not configured correctly, you may be sharing more files than you realize. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat by hiding a file extension or adding spaces to the existing extension (see Figure 1). The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.
Software Cracks: A Great Way to Infect Your PC
US-CERT: Risks of File-Sharing Technology
...It is almost never safe to download executable programs from peer-to-peer file sharing networks because they are a major source of malware infections.
SANS Institute Peer-to-Peer File-Sharing Networks: Security Risks
What risks does file-sharing technology introduce?
* Installation of malicious code - When you use P2P applications, it is difficult, if not impossible, to verify that the source of the files is trustworthy. These applications are often used by attackers to transmit malicious code. Attackers may incorporate spyware, viruses, Trojan horses, or worms into the files. When you download the files, your computer becomes infected (see Recognizing and Avoiding Spyware and Recovering from Viruses, Worms, and Trojan Horses for more information).
* Exposure of sensitive or personal information - By using P2P applications, you may be giving other users access to personal information. Whether it's because certain directories are accessible or because you provide personal information to what you believe to be a trusted person or organization, unauthorized people may be able to access your financial or medical data, personal documents, sensitive corporate information, or other personal information. Once information has been exposed to unauthorized people, it's difficult to know how many people have accessed it. The availability of this information may increase your risk of identity theft (see Protecting Your Privacy and Avoiding Social Engineering and Phishing Attacks for more information).
* Susceptibility to attack - Some P2P applications may ask you to open certain ports on your firewall to transmit the files. However, opening some of these ports may give attackers access to your computer or enable them to attack your computer by taking advantage of any vulnerabilities that may exist in the P2P application. There are some P2P applications that can modify and penetrate firewalls themselves, without your knowledge.
* Denial of service - Downloading files causes a significant amount of traffic over the network. This activity may reduce the availability of certain programs on your computer or may limit your access to the internet (see Understanding Denial-of-Service Attacks for more information).
* Prosecution - Files shared through P2P applications may include pirated software, copyrighted material, or pornography. If you download these, even unknowingly, you may be faced with fines or other legal action. If your computer is on a company network and exposes customer information, both you and your company may be liable.
A Study of Malware in Peer-to-Peer Networks
...P2P file-sharing...there is a potentially dark side to these services, and not just due to any moral or legal concerns about sharing files. There is a very real security risk to every user who chooses to use P2P file-sharing software...there will always be the risk of irresponsible users introducing viruses...There is no way to guarantee that the file a user downloads is what the filename implies, or even the same type of file. This makes P2P networks a ridiculously easy way for authors of viruses, worms, Trojan horses, etc. to distribute their handiwork...
File Sharing, Piracy, and Malware
...Peer-to-Peer (P2P) networks...very little protection is in place to make sure that the files exchanged in these networks are not malicious...
Recent research shows that websites and programs related to software piracy are likely to be infected with malware due to the way they are distributed...over 50% of all pirated files are infected with malware that are constantly repacked to evade even the most up-to-date anti-virus programs. Software piracy acts as a gateway for cybercriminals to infect computers, leaving individuals and their personal data vulnerable to malware infection.
Therefore, many security forums ask members to remove P2P software before assisting them with malware disinfection. The nature of such software and the high incidence of infection or reinfection are counterproductive to restoring the computer to a healthy state...see here
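
The disguised-extension trick described above (a harmless-looking extension placed in front of the real one, optionally with spaces padded in between) can be checked for before a downloaded file is opened. The following is an added example, not part of the original post; the extension lists and sample filenames are constructed for illustration.

```python
import re

# Constructed, non-exhaustive lists for illustration only.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "msi"}
DECOY_EXTS = {"mp3", "avi", "mp4", "mkv", "jpg", "png", "pdf", "doc", "txt"}

# <base>.<decoy><optional whitespace padding>.<real extension>
DOUBLE_EXT = re.compile(
    r"^(?P<base>.+)\.(?P<decoy>\w{1,5})(?P<pad>\s*)\.(?P<real>\w{1,5})\s*$"
)

def check_filename(name):
    """Return the reasons a filename looks like a disguised executable."""
    m = DOUBLE_EXT.match(name)
    if not m:
        return []  # fewer than two extensions: nothing is being hidden
    decoy, real = m["decoy"].lower(), m["real"].lower()
    if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
        return []
    reasons = [f"decoy .{decoy} in front of executable .{real}"]
    if m["pad"]:
        # Padding pushes the real extension out of a narrow filename column.
        reasons.append(
            f"{len(m['pad'])} whitespace characters hide the real extension"
        )
    return reasons

def scan(names):
    """Map each suspicious filename to its list of reasons."""
    return {n: r for n in names if (r := check_filename(n))}

# Constructed sample of names as they might appear in a download folder.
SAMPLE = [
    "holiday_photo.jpg.exe",
    "song.mp3" + " " * 40 + ".exe",
    "Movie.AVI.SCR",
    "setup.exe",
    "report.final.pdf",
    "installer.v2.exe",
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(repr(name), "->", "; ".join(reasons))
```

An ordinary `setup.exe` is not flagged because nothing about its name is disguised; the check targets the mismatch between the extension a user reads and the one the system acts on.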