[windows2000] Re: Virus/Worm via Messenger Service?
- From: Aaron Dokey <adokey@xxxxxxxxxxxx>
- To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
- Date: Mon, 7 Oct 2002 08:27:57 -0400
Do your workstations all have registered IP addresses? You may want to
think about NAT and a good firewall at the head ends of your network to
protect from this sort of thing.
-Aaron
-----------------------
Aaron Dokey - MIS
Reid Tool Supply
2265 Black Creek Rd.
Muskegon, MI 49444=20
(231) 777-3951
(231) 767-3772 (Direct)
-----------------------
-----Original Message-----
From: cej4108@xxxxxxxxxxxx [mailto:cej4108@xxxxxxxxxxxx]
Sent: Saturday, October 05, 2002 1:53 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Virus/Worm via Messenger Service?
Hi, Everyone
Just in case it was not mentioned earlier I thought I would revisit =
this new
form of SPAM.=20
Apparently there is some organization or person out there who is using =
the
NetBIOS ping (or something like that) to gleem IP addresses, etc. They =
are
then sending out a SPAM (the initial one was a poem which I believe was =
a
test of the new spamming venue) to all those IP addresses and if they =
happen
to be in a GUI environment then you get that irratating pop-up window.=20
You can shut it down by disabling the programs involved in IM but there =
are
other functions of your O/S that require the same drivers or whatever =
to
function and if you turn it all off then you loose your networking
capabilities.
Where I currently work they supplied us with a web page that lists all =
the
IP addresses that are associated with their network protocols so we can =
set
up the appropriate permissions.=20
There is a much easier way to overcome this and that is a software =
firewall
on the user workstation. I use my firewall to block out all those stray
pings that hit my IP address. Because I block those that are not =
directly
related to my work network environment I didn't get the Pop-up spam =
window.
The machine I use for testing which doesn't have a firewall did get the
pop-up spam.
I have not received any pop-up spam on the protected machine. The =
firewall
can also provide protection against pop-up ads, email attachment =
protection,
etc.
I also use ad-aware which is a freeware product that scans your =
computer for
that little script that gets loaded when you visit a web page so you =
won't
get pop-ups, etc....i.e. sends out info on your surfing habits, etc...
Anyway, take the easy way to protect from this new form of spam...
"Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx> wrote:
>
>Stop the messenger service.
>
>Glenn Sullivan, MCSE+I =A0MCDBA
>David Clark Company Inc.
>
>
>-----Original Message-----
>From: Rayneman [mailto:reignofdeath@xxxxxxxxxxxxx]
>Sent: Friday, October 04, 2002 12:25 PM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Re: Virus/Worm via Messenger Service?
>
>
>
>I periodically get popup messages that are similar to IM messages but =
claim
>to be a Windows Messenger Service or some such thing....I don't =
remember
>installing any such thing but evidently I have some type of messaging
>service on this W2K Server machine that can send/receive messages in =
the
>background and I wish to COMPLETELY DISABLE this function. =A0Please =
advise
me
>as to what to do and where to do it. =A0I'd like to think that I am
relatively
>proficient in this OS but this is an obvious indication that I am NOT. =
=A0And
>for those that are curious...they are all spam messages and I'm scared =
of
>what access this IM gives itself in my server.
>
>Thank you in advance.
>
>Ray S.
>raynserv@xxxxxxxxx
>
>
>
>-----Original Message-----
>From: windows2000-bounce@xxxxxxxxxxxxx
>[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Scott Ehrlich
>Sent: Friday, October 04, 2002 9:58 AM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Virus/Worm via Messenger Service?
>
>
>
>Last night around 5pm EST we received a Messenger Service window from =
a
>host called WX2. =A0 Most people, across subnets, received a poem, =
credited
>to Henry Cuyler Bunner (1855-1896) will a hallmark of "Provided by
>http://www.ALLprice.info";
>
>Of our two NT 4 domain controllers, one received the message intact, =
the
>other just received "Message from WX2 to <domain controller> on =
10/3/2002
><timestamp>" but no body of the message.
>
>Anyone heard of anything like that?
>
>nbtstat shows no such host, as does nslookup.
>
>Thanks for any insight.
>
>Scott
>
>
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
>
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>To Unsubscribe, set digest or vacation
>mode or view archives use the below link.
>
>http://thethin.net/win2000list.cfm
>
--=20
Charles E. James, Programmer/Analyst=20
U. C. Berkeley, Berkeley California
http://home.earthlink.net/~bamboogrove/
Dragon's Gate Taoism
__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now!
http://channels.netscape.com/ns/browsers/download.jsp=20
Get your own FREE, personal Netscape Mail account today at
http://webmail.netscape.com/
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
