Newsgroups
Newsgroups basically have the same problems as e-mail. The difference is that
instead of infecting just the target user, a malicious newsgroup post targets
many users at once. So if you're using Outlook Express to read newsgroups, and
have your mind at rest because you're filtering your e-mail for known exploits
and attachments, you could be in trouble.
Newsgroups, although similar to e-mail, cannot be filtered in exactly the same
way. A solution to this would be to deploy a newsgroup relay that copies and
filters all newsgroup posts from a public newsgroup to an internal host. Of
course this can produce a number of problems, like slow updating times, clogged
servers, and large hard disk space requirements. You could always perform a
secure installation of the newsgroup clients on each and every machine in your
network, but this is certainly not the most practical way to improve security,
especially in a large network.
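The filtering step of such a relay could look like this (an added example, not part of the original article): each post is parsed as MIME and quarantined if it carries an executable attachment, including one disguised with a double extension. The extension list, function names and sample posts are assumptions constructed for illustration, and uuencoded binaries are not handled.

```python
# Added example: attachment screening step for a newsgroup relay (not from the original article).
from email import message_from_string
from email.message import Message

# Assumption: extensions the relay treats as executable content; adjust to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}


def risky_attachments(article: Message) -> list[tuple[str, str]]:
    """Return (filename, reason) for every MIME part the relay should not pass on."""
    findings = []
    for part in article.walk():
        name = part.get_filename()
        if not name:
            continue
        pieces = name.strip().rstrip(".").lower().split(".")
        if len(pieces) < 2 or pieces[-1] not in EXECUTABLE_EXTS:
            continue
        # A harmless-looking extension before the real one (photo.jpg.exe) is a disguise.
        reason = "double extension" if len(pieces) > 2 else "executable attachment"
        findings.append((name, reason))
    return findings


def relay_decision(raw_article: str) -> str:
    """'forward' a clean post to the internal news host, 'quarantine' anything else."""
    return "quarantine" if risky_attachments(message_from_string(raw_article)) else "forward"


# Constructed sample posts (not real traffic).
CLEAN_POST = (
    "From: alice@example.org\nNewsgroups: comp.security.misc\n"
    "Subject: firewall question\n\nPlain text body.\n"
)
DISGUISED_POST = (
    "From: mallory@example.org\nNewsgroups: alt.test\nSubject: pics\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nsee attached\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="holiday.jpg.exe"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for post in (CLEAN_POST, DISGUISED_POST):
        print(relay_decision(post), risky_attachments(message_from_string(post)))
```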
Instant Messenger
Then there are the so-called instant messenger networks like IRC, ICQ, AOL-CHAT
and other similar networks. Unlike newsgroups and e-mail, these offer almost
instant message reply. These networks also support sending and receiving files,
and many users are very, maybe overly, willing to receive any file as long as
it's named myself_nude.jpg.exe or anything similar.
This also means that users are more easily fooled into giving out personal
information, some of which can give attackers a real advantage when trying to
get into your network. Apart from this, accessing IRC and similar networks
exposes your firewall's IP address, or the user's NAT.
It is very common for users on IRC to get scanned for vulnerabilities.
So if any user is accessing IRC and has, for example, PCAnywhere, telnetd or
whatever running on the IP address shown on IRC, you'll be sure to get some
brute-forcing one day or another.
ICQ is also known to be a very insecure "protocol". In fact, ICQ makes no claim
about the security of its product. Much the same goes for most other chat
networks, since they are generally not designed with security in mind, but
rather for overall "efficiency" and a multitude of features to satisfy a large
number of users. Of course, giving users on a supposedly secure network access
to these services will create a backdoor into the network and easily compromise
its overall security.
Solutions
These kinds of problems exist in any network that trusts its own users. Where
security is critical and data simply cannot be shared unless legal access is
given, it is necessary to allow users to access only trusted or filtered
protocols and maybe sites. This applies to most corporate networks, where
compromising just one machine means a compromise of the whole network. The
solution would be to add the required rules to the firewall and restrict
access. Besides that, it's very reasonable to educate the users and set up
security policies. The traditional virus scanner always helps as well.
About the Author:
Visit http://www.eyeonsecurity.org,
covering overall computer security, with articles, papers, tools, original advisories
and exploits.
Read this newsletter at: http://www.securitypronews.com/2003/0717.html