Usenet may be a virus minefield
By Sam Costello
(IDG) -- A part of the Internet that predates the Web, and once was one of the busiest places online, is becoming a breeding ground for some of the Net's most vicious viruses, says one security firm.
That corner of the Internet is Usenet, a series of newsgroups dedicated to topics as diverse as the Los Angeles Lakers, Unix system administration, or any imaginable permutation of sex. On Usenet, people interested in those topics can meet, discuss, and post files. But along with debates and downloads, viruses are spread and archived there, says Dmitry Gryaznov, the manager of advanced virus research at McAfee, a division of Network Associates.
Gryaznov, a member of the VirusPatrol project at McAfee's Avert Labs, has been studying viruses on Usenet for more than five years. Despite the perception that Usenet is increasingly irrelevant in the face of the Web, its population is actually growing, he says. The volume of Usenet posts grew 20 percent from January 2001 to April 2001, he says. And those new visitors are likely to encounter a flood of viruses, including Trojan horses, backdoors, and tools used to take over PCs for use in denial of service attacks, he says.
Such viruses rarely advertise themselves as viruses, but are typically disguised as image, movie, or sound files. Many newsgroups are devoted to sharing files of these types, as well as trading pirated software. Often the files users download are not what they appear to be, but instead are programs that install viruses or backdoors on PCs without the user's knowledge, Gryaznov says.
History of Harboring Hostile Programs
Sex-related and other file-trading newsgroups are among the most popular on Usenet and are favorite targets for virus writers, he says.
"More and more people are joining [these newsgroups] because it is free stuff," he says. But virus writers are joining too.
Separating the viruses from the legitimate posts is no easy task because of the volume of messages posted to Usenet each day. More than 230GB of data are posted to newsgroups each day, and a single virus may be posted as often as 200 times per day, according to Gryaznov's research.
Many of the viruses found on Usenet are well-known and destructive. They include the Happy99 virus and the LoveLetter (ILoveYou) virus, which wreaked havoc worldwide to the tune of $10 billion in 2000. The Melissa virus, which caused $80 million in damages in March 1999, began its life in newsgroups, with the first-ever posting of the virus appearing there, Gryaznov says.
These viruses, despite their age, are still making their way around Usenet. Newsgroup posts are archived at si