malware from newsgroup posts with binaries?

Walterius

Can this happen? If so, how much of a threat is it and what if anything can
be done about it?

I use (and update and run almost daily) Ad-Aware, AVG Free, Microsoft
Antispyware, Spybot Search & Destroy, Spyware Blaster, and Sygate Personal
Firewall. Windows 2000 Pro.
 
Walterius wrote:
Can this happen? If so, how much of a threat is it and what if anything can
be done about it?

I use (and update and run almost daily) Ad-Aware, AVG Free, Microsoft
Antispyware, Spybot Search & Destroy, Spyware Blaster, and Sygate Personal
Firewall. Windows 2000 Pro.

Hi

Of course, all binaries can carry malware and have "friendly" names.
If you are also running Outlook Express, you have really weak protection
against new unprotected malware.

So be careful with newsgroups which also handle binaries.
 
Absolutely, and it is a serious threat.

In most newsgroups it's advisable to handle binaries with great care--I can
recall a time in an antivirus group when some character was posting a
different virus to the group daily--he had a pretty good collection. He was
also not covering his tracks, particularly, and disappeared rather quickly.

I suspect you are talking about a binaries group--one whose purpose is the
exchange of binary objects.

I was once discussing a similar topic with a Microsoft staff person--he
remarked that one significant sized binary object that many users will
download and run without thinking twice about it is an MP3.

If you run the bad guy's code on your machine, it's not your machine
anymore.

Additionally, the precise suffix and name of a given object doesn't
necessarily define precisely how it is handled if you double click on it.

So--what do you do? I'm probably not the right person to answer this part
'cause I tend more towards sunny optimism than dour paranoia.

Know the source. Open the file with an application--and choose one which
you know the vendor keeps updated for security issues such as buffer
overflows--such issues are found in most complex software that handles
binaries- media players, for example. Test the files with your antivirus
which you keep updated. If something is reasonably short, and you are
suspicious, use a resource such as:

http://www.virustotal.com
http://virusscan.jotti.org

to scan it with multiple vendors. This is of no help if what you have is
new, or somehow beneath the radar of these vendors, though.

I'm not usually one for telling other people how to behave, but if the
binaries aren't ones normally easily available from a reputable source, the
risks are more than just simple virus/spyware issues. There've been studies
of the objects available in various peer-to-peer sharing networks, and the
news isn't good in terms of the proportion of stuff out there that is not
what it is described as.
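
An added example, not part of the original posts: a pre-open check for a downloaded binary that compares the file name's suffix with the leading bytes of the content and computes a SHA-256 that can be searched on a multi-engine scanner that supports hash lookup. The signature table, the extension list and the sample files are constructed for illustration.

```python
import hashlib

# Leading "magic" bytes for a few formats (small constructed table, not exhaustive).
MAGIC = [
    (b"MZ", "exe"),                 # Windows/DOS executable
    (b"ID3", "mp3"),                # MP3 starting with an ID3v2 tag
    (b"\xff\xfb", "mp3"),           # bare MPEG-1 Layer III frame
    (b"\xff\xd8\xff", "jpg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
]
RUNNABLE = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
ALIASES = {"jpeg": "jpg"}

def sniff(data):
    """Return the format suggested by the first bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None

def triage(name, data):
    """Compare what the name claims with what the bytes are; never opens or runs the file."""
    parts = name.lower().split(".")
    ext = ALIASES.get(parts[-1], parts[-1]) if len(parts) > 1 else ""
    kind = sniff(data)
    findings = []
    if kind == "exe" and ext not in RUNNABLE:
        findings.append(f"executable content behind extension '{ext}'")
    elif kind and kind != "exe" and ext and kind != ext:
        # Container formats (e.g. zip-based documents) will also land here.
        findings.append(f"content looks like {kind}, name says {ext}")
    if len(parts) > 2 and ext in RUNNABLE:
        findings.append(f"double extension ending in runnable '{ext}'")
    return {"sha256": hashlib.sha256(data).hexdigest(), "detected": kind, "findings": findings}

if __name__ == "__main__":
    # Constructed samples: names as they might appear in a post, with only header bytes.
    samples = {
        "song.mp3": b"MZ\x90\x00\x03\x00",
        "holiday.jpg.exe": b"MZ\x90\x00\x03\x00",
        "track.mp3": b"ID3\x03\x00\x00",
    }
    for name, data in samples.items():
        print(name, triage(name, data))
```

A clean result here only means the name and the header agree; a well-formed media file can still target a flaw in the player that opens it.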
 