Usenet may be a virus minefield
By Sam Costello
(IDG) -- A part of the Internet that predates the Web, and once was one of the busiest places online, is becoming a breeding ground for some of the Net's most vicious viruses, says one security firm.
That corner of the Internet is Usenet, a series of newsgroups dedicated to topics as diverse as the Los Angeles Lakers, Unix system administration, or any imaginable permutation of sex. On Usenet, people interested in those topics can meet, discuss, and post files. But along with debates and downloads, viruses are spread and archived there, says Dmitry Gryaznov, the manager of advanced virus research at McAfee, a division of Network Associates.
Gryaznov, a member of the VirusPatrol project at McAfee's Avert Labs, has been studying viruses on Usenet for more than five years. Despite the perception that Usenet is increasingly irrelevant in the face of the Web, its population is actually growing, he says. The volume of Usenet posts grew 20 percent from January 2001 to April 2001, he says. And those new visitors are likely to encounter a flood of viruses, including Trojan horses, backdoors, and tools used to take over PCs for use in denial of service attacks, he says.
Such viruses rarely advertise themselves as viruses, but are typically disguised as image, movie, or sound files. Many newsgroups are devoted to sharing files of these types, as well as trading pirated software. Often the files users download are not what they appear to be, but instead are programs that install viruses or backdoors on PCs without the user's knowledge, Gryaznov says.
History of Harboring Hostile Programs
Sex-related and other file-trading newsgroups are among the most popular on Usenet and are favorite targets for virus writers, he says.
"More and more people are joining [these newsgroups] because it is free stuff," he says. But virus writers are joining too.
Separating the viruses from the legitimate posts is no easy task because of the volume of messages posted to Usenet each day. More than 230GB of data are posted to newsgroups each day, and a single virus may be posted as often as 200 times per day, according to Gryaznov's research.
Many of the viruses found on Usenet are well-known and destructive. They include the Happy99 virus and the LoveLetter (ILoveYou) virus, which wreaked havoc worldwide to the tune of $10 billion in 2000. The Melissa virus, which caused $80 million in damages in March 1999, began its life in newsgroups, with the first-ever posting of the virus appearing there, Gryaznov says.
These viruses, despite their age, are still making their way around Usenet. Newsgroup posts are archived at sites such as Google, and the posts take a long time to expire, he says.
Some viruses even scan newsgroups looking for new versions of themselves and auto-update when they find one, according to Vincent Gullotto, senior director of Avert Labs.
Blocking Access Is a Challenge
Many companies have curtailed access to newsgroups, but this has not stopped Usenet-spawned viruses from infiltrating corporate networks, Gullotto says. E-mail and Web browsing programs typically include newsgroup-access features, making it harder for corporations to block access to the newsgroups.
"There are plenty of gateways, and you simply cannot block all of them," Gryaznov says.
The way to fight the spread of viruses on Usenet is, by now, familiar to most users: Keep your antivirus program updated, run it regularly, don't open suspicious files or download programs whose function you're unsure of. However, as newsgroup patrons may not be expecting viruses, they must be educated, Gryaznov says.
McAfee is launching a new virus-information Web site later this year called VirusPatrol Live. It will feature much of the data Gryaznov and VirusPatrol have collected about Usenet and viruses, including statistics. The VirusPatrol organization also hopes to expand its scans of Usenet.
VirusPatrol also posts virus alerts to newsgroups where viruses appear, hoping to warn users and thus keep them from downloading infected files.
In the battle stop to viruses, "undoubtedly, education is one of the keys," Gryaznov says.
|Back to the top|