RE: Windows Messenger Pop-up spam

[Harlan Carvey <keydet89 () yahoo com>]

Steven 
 
> Harlan, as you well know, there are *many* other
> things listening
> to/on the subset of ports used by messenger spam,
> turning
> off the messenger service in no way blinds/deafens
> the *rest* of 
> the RPC subsystem, where $DEITY knows how many vulns
> have been (and remain to be) discovered.

True.  Agreed.  No question/problem/issue with that
whatsoever.
 
> Simply turning off the service in no way increases
> the security 
> of the machine, because those ports and the
> multiplicity of 
> services that use them will still be exposed, quite
> obviously.

Again, agreed.  However, as is many times the case,
this has nothing whatsoever to do with the original
poster's (OP) question.  

The OP asked:
"Is this sort of stuff still a problem? Does it still
exist in the wild?"

The OP did NOT ask:
"Does shutting off the Messenger service significantly
improve my security?"

> Anyone sufficently addled as to run a machine
> exposed in this 
> way is also extremely unlikely to be patched up the
> eyeballs, 
> thus we have exposed *and* vulnerable services. 
> Thus it will 
> be game over when the first worm reaches the
> machine.

Hhhmmm...depends on the worm, but yes.  But again,
this is not the issue at hand.  

Thanks,

Harlan 



 

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------