Browser-based Filesharing: Next-Generation P2P?

Matt Keil


Category: Uncategorized

Since we began tracking the use of browser-based file sharing applications in the March 2008, they have evolved to the point where there are now several distinct use cases. As described in the latest Application Usage and Risk Report, published today, the first use case are those that that enable me to be more efficient at work. Examples include DocStoc and YouSendIt!, which allow me to find a template document or send a large file that I cannot get through the email server. The second use case is a cloud-based extension of a collaborative infrastructure such as Box.net. The third use case, and the one that poses significantly higher business and security risks, are those that are have morphed into a source for media files, some of which are clearly copyrighted. Applications that fit into this use case include RapdShare, MediaFire and MegaUpload. These three applications use a broadcast-focused distribution model, making it similar in behavior to P2P, but without the underlying technology, complexity and notoriety.

RapidShare, MegaUpload, and MediaFire are all geared towards very active upload and download activity, complete with rewards programs for downloads, a robust management interface, and toolbars, all geared towards rewarding those who are active uploaders. The similarities to P2P are clear. Whereas P2P is built to automatically assign added resources to active users, this new class of browser-based filesharing application encourages upload activity through credits or discounts, effectively monetizing upload activity. Yet another P2P similarity is an option that makes the new content searchable.

When an upload occurs, the user can select an option that will index the content, making it searchable by Google-based search engines. Visit rapidshare.net, megadownload.net or mediafiresearch.org and a user can find a wide range of content that is hosted on the respective sites. A quick search for any one of the latest movies or popular TV series reveals that these applications are quietly enabling the distribution of copyrighted content.

Most frequently, and most heavily used browser-based filesharing applications.

Comparing the most frequently used browser-based filesharing applications to those that are most heavily used shows that SkyDrive and DocStoc, two very business-focused applications were used most frequently. Viewed from a bandwidth consumption per organization perspective, the order is reversed. MegaUpload, Mediafire, and Rapidshare are the top-3 bandwidth consumers. DocStoc and Skydrive, did not appear on the chart because they consumed a paltry 17 MB and 55 MB per organization.

Make no mistake, the latest Application Usage and Risk Report shows that P2P remains the dominant solution for moving large files. But P2P applications are targeted and monitored more closely than other types of applications, particularly those that are browser-based and utilize tcp/80 or tcp/443; they are more complex to use; and their use can draw unwanted attention to a user. Using a browser-based filesharing application to achieve nearly the same result allows someone to fly under the radar, and in so doing, expose themselves and the organization to a wide range of business and security risks.

The recommendation is to investigate who is using these applications, determine the purpose of the use and then establish written policies and procedures around them. Those policies should be verified and enforced through security technology (like ours).

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS