ISP defenses buckle to posted viruses

ISPs have got a potentially more perilous problem on their hands than spammers: virus writers who disguise their email and ship their illicit wares to newsgroups.

CNET News staff
2 min read
As Internet service providers work to evict spammers, they've got a potentially more perilous problem on their hands: virus writers who log on, disguise their email, and ship their illicit wares to newsgroups.

As EarthLink learned last week, there's not much that ISPs can do about virus writers.

Participants in alt.cracks and alt.crackers newsgroups have been warning each other that a user named "Slasher" has been uploading viruses into the programs he or she has been posting.

One newsgroup reader has already complained to EarthLink, arguing that the virus poster, who disguised his or her identity, should be kicked off the system. That's easier said than done, though.

If the ISP could catch the user, EarthLink would not hesitate to kick him or her off, according to Jon Irwin, vice president of customer support. Putting viruses on the Net specifically violates EarthLink's acceptable use policy. "We attempt to stop network abuse aggressively, but it's a challenge," Irwin said.

EarthLink, one of many ISPs targeting spammers, has managed to reduce spams to a trickle, Irwin noted. But to bust a virus writer means essentially catching them in the act, he said.

Finding a user posting to newsgroups is no easy task, Irwin added. Antivirus experts concur.

EarthLink is not alone in its frustration to stop what promises to become an increasing threat on the Net, said Jonathan Wheat, the antivirus lab manager at the National Computer Security Association, a clearinghouse for computer security information.

In fact, Wheat and others fully expect virus writers to increasingly take to the Net, where malicious programs can be distributed widely and anonymously. The Hare virus, for example, has been distributed through newsgroups and, had it not been so full of bugs, it could have done massive damage.

Wheat said he's surprised more people don't use newsgroups to distribute their viruses. "People are always looking for free software," he said. "If you make it sound good enough, people are going to suck it down."

Joe Wells, who writes for the Antivirus Online Web site sponsored by IBM, agreed. "With the combination of the Internet, email, and macro viruses, the future looks kind of gloomy," Wells said.