Do your workstations all have registered IP addresses? You may want to think about NAT and a good firewall at the head ends of your network to protect from this sort of thing. -Aaron ----------------------- Aaron Dokey - MIS Reid Tool Supply 2265 Black Creek Rd. Muskegon, MI 49444=20 (231) 777-3951 (231) 767-3772 (Direct) ----------------------- -----Original Message----- From: cej4108@xxxxxxxxxxxx [mailto:cej4108@xxxxxxxxxxxx] Sent: Saturday, October 05, 2002 1:53 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Virus/Worm via Messenger Service? Hi, Everyone Just in case it was not mentioned earlier I thought I would revisit = this new form of SPAM.=20 Apparently there is some organization or person out there who is using = the NetBIOS ping (or something like that) to gleem IP addresses, etc. They = are then sending out a SPAM (the initial one was a poem which I believe was = a test of the new spamming venue) to all those IP addresses and if they = happen to be in a GUI environment then you get that irratating pop-up window.=20 You can shut it down by disabling the programs involved in IM but there = are other functions of your O/S that require the same drivers or whatever = to function and if you turn it all off then you loose your networking capabilities. Where I currently work they supplied us with a web page that lists all = the IP addresses that are associated with their network protocols so we can = set up the appropriate permissions.=20 There is a much easier way to overcome this and that is a software = firewall on the user workstation. I use my firewall to block out all those stray pings that hit my IP address. Because I block those that are not = directly related to my work network environment I didn't get the Pop-up spam = window. The machine I use for testing which doesn't have a firewall did get the pop-up spam. I have not received any pop-up spam on the protected machine. The = firewall can also provide protection against pop-up ads, email attachment = protection, etc. I also use ad-aware which is a freeware product that scans your = computer for that little script that gets loaded when you visit a web page so you = won't get pop-ups, etc....i.e. sends out info on your surfing habits, etc... Anyway, take the easy way to protect from this new form of spam... "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx> wrote: > >Stop the messenger service. > >Glenn Sullivan, MCSE+I =A0MCDBA >David Clark Company Inc. > > >-----Original Message----- >From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx] >Sent: Friday, October 04, 2002 12:25 PM >To: windows2000@xxxxxxxxxxxxx >Subject: [windows2000] Re: Virus/Worm via Messenger Service? > > > >I periodically get popup messages that are similar to IM messages but = claim >to be a Windows Messenger Service or some such thing....I don't = remember >installing any such thing but evidently I have some type of messaging >service on this W2K Server machine that can send/receive messages in = the >background and I wish to COMPLETELY DISABLE this function. =A0Please = advise me >as to what to do and where to do it. =A0I'd like to think that I am relatively >proficient in this OS but this is an obvious indication that I am NOT. = =A0And >for those that are curious...they are all spam messages and I'm scared = of >what access this IM gives itself in my server. > >Thank you in advance. > >Ray S. >raynserv@xxxxxxxxx > > > >-----Original Message----- >From: windows2000-bounce@xxxxxxxxxxxxx >[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich >Sent: Friday, October 04, 2002 9:58 AM >To: windows2000@xxxxxxxxxxxxx >Subject: [windows2000] Virus/Worm via Messenger Service? > > > >Last night around 5pm EST we received a Messenger Service window from = a >host called WX2. =A0 Most people, across subnets, received a poem, = credited >to Henry Cuyler Bunner (1855-1896) will a hallmark of "Provided by >http://www.ALLprice.info"; > >Of our two NT 4 domain controllers, one received the message intact, = the >other just received "Message from WX2 to <domain controller> on = 10/3/2002 ><timestamp>" but no body of the message. > >Anyone heard of anything like that? > >nbtstat shows no such host, as does nslookup. > >Thanks for any insight. > >Scott > > >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm > > >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm > >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >To Unsubscribe, set digest or vacation >mode or view archives use the below link. > >http://thethin.net/win2000list.cfm > --=20 Charles E. James, Programmer/Analyst=20 U. C. Berkeley, Berkeley California http://home.earthlink.net/~bamboogrove/ Dragon's Gate Taoism __________________________________________________________________ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp=20 Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm