Leech Computing, Part 1

Where have you been leeched today?

By Phil Frisbie, Jr.

Disclaimer

This article is for personal enlightenment only. It is not a warning of any known current practices or a proposal of future acceptable practices. However, this is a REAL technology, as you shall see for yourself....

Part 1 of this article contains no real technical details. It is written to enlighten the average web user. Actual working examples with source code will be included in part 2.

Background

I am defining Leech Computing as 'a program running on a client computer without user knowledge that can process data and report back the results, but otherwise does not affect the usability of the client computer and makes no changes to the client'. This leech program runs only in memory, and does not access the client's hard drive at all. Real leeches typically attach themselves to animals that spend time in the water. When the leech is hungry, it attaches itself to an animal where it either remains until full or is knocked off. If knocked off, it simply finds another animal to attach to. When the leech is full, it drops off leaving the animal unharmed. The leech needs the animals, so it chooses large animals and only takes a little blood at a time without harming them.

Leech Computing is related to distributed computing. Distributed computing projects such as SETI at Home and distributed.net have hundreds of thousands volunteers that have downloaded and installed client software that runs in the background or as a screen saver. Data files are copied between the hard drive of the client and an Internet server in order to retrieve data to process and send back the results. Work is broken up into small units that can take anywhere from a few minutes to many days to complete before the results are sent back. These hundreds of thousands of clients act as one huge computer, which can accomplish much work at a very low cost, since the clients 'donate' their computing time to the project.

Another technology you may have heard about is Parasitic Computing. Parasitic Computing can use any computer connected to the Internet to process a tiny amount of data. While the idea is intriguing, it is not practical because the computing power needed just to send and receive the data packet is thousands of times more than just processing it yourself. I mention this because Leech Computing and Parasitic Computing share these basic ideas: the user does not know data is being processed, no software is installed, and no system changes are made.

So how can Leech Computing retrieve data, process it, and return the results without the user knowing it? How can it do this without installing any software? How can it be undetectable by firewall software? All it needs to accomplish these seemingly impossible goals is one piece of common software, a web browser.

The web browser is the most used piece of software today. Millions of users are logged in at any given time of the day browsing web sites, checking email, making purchases, etc. Since the first web site was put online about ten years ago, web pages have gone from plain text pages to the current flashy looking sites we have today. The web browser has evolved to provide the capabilities to support these needs.

One of the first web browser enhancements was JavaScript and Java applet support. JavaScript and Java applets are programs that run in your browser. While Java applets can potentially cause security problems and are disabled by some users, JavaScript has no serious security problems and so is seldom disabled. JavaScript is also the most widely used tool to enhance web pages because it is easy to use and very versatile. Most any time you see cascading menus, moving text, or forms that warn you when you enter the wrong type of data, you are running JavaScript programs. In fact, you could say that a fancy JavaScript page is leeching some of your computer resources in order to create all those fancy effects.

But, while web pages currently use JavaScript and other types of programs to process data to display, they generally do not send results back to a server (with the exception of forms the user may fill out and send). From now on when I refer to a leech program, I will be referring to a JavaScript program. Even though other types of programs such as Java applets and ActiveX controls could also be used, they may be disabled by the user, they may need to be approved by the user before they are run, and they do get installed to the users hard drive.