[windows2000] Virus/Worm via Messenger Service?
- From: cej4108@xxxxxxxxxxxx (Charles E. James)
- To: windows2000@xxxxxxxxxxxxx
- Date: Sat, 05 Oct 2002 13:52:37 -0400
Hi, Everyone
Just in case it was not mentioned earlier I thought I would revisit this new
form of SPAM.
Apparently there is some organization or person out there who is using the
NetBIOS ping (or something like that) to gleem IP addresses, etc. They are then
sending out a SPAM (the initial one was a poem which I believe was a test of
the new spamming venue) to all those IP addresses and if they happen to be in a
GUI environment then you get that irratating pop-up window.
You can shut it down by disabling the programs involved in IM but there are
other functions of your O/S that require the same drivers or whatever to
function and if you turn it all off then you loose your networking capabilities.
Where I currently work they supplied us with a web page that lists all the IP
addresses that are associated with their network protocols so we can set up the
appropriate permissions.
There is a much easier way to overcome this and that is a software firewall on
the user workstation. I use my firewall to block out all those stray pings that
hit my IP address. Because I block those that are not directly related to my
work network environment I didn't get the Pop-up spam window. The machine I use
for testing which doesn't have a firewall did get the pop-up spam.
I have not received any pop-up spam on the protected machine. The firewall can
also provide protection against pop-up ads, email attachment protection, etc.
I also use ad-aware which is a freeware product that scans your computer for
that little script that gets loaded when you visit a web page so you won't get
pop-ups, etc....i.e. sends out info on your surfing habits, etc...
Anyway, take the easy way to protect from this new form of spam...
"Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx> wrote:
>
>Stop the messenger service.
>
>Glenn Sullivan, MCSE+I MCDBA
>David Clark Company Inc.
>
>
>-----Original Message-----
>From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
>Sent: Friday, October 04, 2002 12:25 PM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Re: Virus/Worm via Messenger Service?
>
>
>
>I periodically get popup messages that are similar to IM messages but claim
>to be a Windows Messenger Service or some such thing....I don't remember
>installing any such thing but evidently I have some type of messaging
>service on this W2K Server machine that can send/receive messages in the
>background and I wish to COMPLETELY DISABLE this function. Please advise me
>as to what to do and where to do it. I'd like to think that I am relatively
>proficient in this OS but this is an obvious indication that I am NOT. And
>for those that are curious...they are all spam messages and I'm scared of
>what access this IM gives itself in my server.
>
>Thank you in advance.
>
>Ray S.
>raynserv@xxxxxxxxx
>
>
>
>-----Original Message-----
>From: windows2000-bounce@xxxxxxxxxxxxx
>[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich
>Sent: Friday, October 04, 2002 9:58 AM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Virus/Worm via Messenger Service?
>
>
>
>Last night around 5pm EST we received a Messenger Service window from a
>host called WX2. Most people, across subnets, received a poem, credited
>to Henry Cuyler Bunner (1855-1896) will a hallmark of "Provided by
>http://www.ALLprice.info";
>
>Of our two NT 4 domain controllers, one received the message intact, the
>other just received "Message from WX2 to <domain controller> on 10/3/2002
><timestamp>" but no body of the message.
>
>Anyone heard of anything like that?
>
>nbtstat shows no such host, as does nslookup.
>
>Thanks for any insight.
>
>Scott
>
>
>==================================
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
>
>==================================
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
>==================================
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
--
Charles E. James, Programmer/Analyst
U. C. Berkeley, Berkeley California
http://home.earthlink.net/~bamboogrove/
Dragon's Gate Taoism
__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now!
http://channels.netscape.com/ns/browsers/download.jsp
Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
