Security Incidents mailing list archives
RE: Source of Windows PopUp SPAM
From: "Brenna Primrose" <primrose () creighton edu>
Date: Tue, 15 Oct 2002 17:06:51 -0500
Before one of my servers received the popup, BlackICE alerted me to the
following on my personal (non-server) machine:

Intruder information:
  IP: 207.44.141.140
  Name: WEBPOPUP06
  DNS: WEBPOPUP06
  Node: WEBPOPUP06
  Workgroup: WORKGROUP
  NetBIOS: WEBPOPUP06
  MAC: 005056630372

Hack attempts by this intruder:

  Date & Time: 2002-10-14 16:00:34 (-5:00 GMT)
  Time Zone: Central Daylight Time
  MSRPC UDP port probe (port=135)
  Victim IP: 147.134.47.171
  Attempts: 2

  Date & Time: 2002-10-15 02:41:15 (-5:00 GMT)
  Time Zone: Central Daylight Time
  MSRPC UDP port probe (port=135)
  Victim IP: 147.134.47.171
  Attempts: 2

4 intrusions detected from this intruder.

BlackICE Defender personal firewall log entries:

Severity,Timestamp,IssueID,IssueName,IntruderIP,IntruderName,VictimIP,VictimName,Parameters,Count,ResponseLevel,IntruderPort,VictimPort,PacketFlags
1,2002-10-14 16:00:34,2003405,MSRPC UDP port probe,207.44.141.140,WEBPOPUP06,147.134.47.171,,port=135&reason=Firewalled,2,,1803,135,00006911
1,2002-10-15 02:41:15,2003405,MSRPC UDP port probe,207.44.141.140,WEBPOPUP06,147.134.47.171,,port=135&reason=Firewalled,2,,1302,135,00006911

(This report was generated by VisualICE Report Utility 4.7)

The computer at 207.44.141.140 (annoyingly named "WEBPOPUP06") is the
culprit in our case. The ISP has been notified.

These spammers are freakin' annoying!

Brenna

http://profiles.yahoo.com/absolut_contagion
http://gsa.creighton.edu
AIM - absolutxpsycho
Yahoo! - absolut_contagion
ICQ - 1363187
MSN - r00t () creighton edu

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GSS d-- s: a-- C++ UL++++ P+ L+ E W++ N+ o-- K- w+ O-- M V-- PS++ PE Y+
PGP- t-- 5-- X++ R- tv+ b+++ DI D+ G e* h- r++ x+
------END GEEK CODE BLOCK------

-----Original Message-----
From: Lawrence Baldwin [mailto:pckboy () bellsouth net]
Sent: Sunday, October 13, 2002 12:27 PM
To: incidents () securityfocus com
Subject: Source of Windows PopUp SPAM

I believe I have figured out the hosts that were used to send the
recent rash of PopUP SPAM:

http://www.mynetwatchman.com/kb/security/articles/popupspam/

Lawrence Baldwin
myNetWatchman.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
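
An added example, not part of the original message and not BlackICE's own code: a Python sketch that parses a log in the CSV layout quoted above and summarizes probes to UDP port 135 per source address. The sample rows are constructed (documentation address ranges, hypothetical host name), and treating Count as the number of attempts folded into one row is an assumption based on the report's "Attempts" figure.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import parse_qs

# Column header as quoted in the message above.
HEADER = ("Severity,Timestamp,IssueID,IssueName,IntruderIP,IntruderName,"
          "VictimIP,VictimName,Parameters,Count,ResponseLevel,"
          "IntruderPort,VictimPort,PacketFlags")

# Constructed sample rows; addresses and names are not real hosts.
SAMPLE_LOG = HEADER + """
1,2002-10-14 16:00:34,2003405,MSRPC UDP port probe,192.0.2.10,POPUPHOST,198.51.100.5,,port=135&reason=Firewalled,2,,1803,135,00006911
1,2002-10-15 02:41:15,2003405,MSRPC UDP port probe,192.0.2.10,POPUPHOST,198.51.100.5,,port=135&reason=Firewalled,2,,1302,135,00006911
1,2002-10-15 03:10:02,2003405,MSRPC UDP port probe,192.0.2.77,,198.51.100.9,,port=135&reason=Firewalled,1,,4410,135,00006911
2,2002-10-15 04:00:00,9999999,Constructed other issue,192.0.2.10,POPUPHOST,198.51.100.5,,port=80,1,,2000,80,00000000
"""

def summarize_probes(log_text, victim_port=135):
    """Group events aimed at victim_port by source IP."""
    summary = defaultdict(lambda: {"names": set(), "victims": set(),
                                   "attempts": 0, "first": None,
                                   "last": None, "blocked": True})
    for row in csv.DictReader(io.StringIO(log_text.strip())):
        if int(row["VictimPort"]) != victim_port:
            continue
        # Parameters is query-string encoded: port=135&reason=Firewalled
        params = parse_qs(row["Parameters"])
        entry = summary[row["IntruderIP"]]
        if row["IntruderName"]:
            entry["names"].add(row["IntruderName"])
        entry["victims"].add(row["VictimIP"])
        entry["attempts"] += int(row["Count"])  # assumption: Count = attempts
        ts = row["Timestamp"]  # fixed-width format, so string order is time order
        entry["first"] = min(entry["first"] or ts, ts)
        entry["last"] = max(entry["last"] or ts, ts)
        # Stays True only if every row from this source was firewalled.
        entry["blocked"] &= params.get("reason") == ["Firewalled"]
    return dict(summary)

def repeat_sources(summary, min_attempts=2):
    """Source IPs worth reporting to their ISP: repeated probes."""
    return sorted(ip for ip, e in summary.items() if e["attempts"] >= min_attempts)

if __name__ == "__main__":
    for ip, e in summarize_probes(SAMPLE_LOG).items():
        print(ip, sorted(e["names"]), e["attempts"], e["first"], e["last"], e["blocked"])
```
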