Security Incidents mailing list archives
RE: Source of Windows PopUp SPAM
From: Rob Keown <Keown () MACDIRECT COM>
Date: Wed, 16 Oct 2002 19:00:10 -0400
Here is another article:
http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html

-----Original Message-----
From: Ron Trenka [mailto:ron () zowiedigital com]
Sent: Wednesday, October 16, 2002 10:40 AM
To: incidents () securityfocus com
Subject: Re: Source of Windows PopUp SPAM

on 10/15/02 12:29 PM, Lawrence Baldwin at baldwinL () mynetwatchman com wrote:

We've identified a commercial, Windows-based SPAM package which sends SPAM via popups (all for $699). I've confirmed that this particular package (which I can't name, yet...) sends popups via MS RPC. I suspect this package is running on these Linux systems under VMware emulated Windows sessions.

What is also interesting is that some users, despite running personal firewalls, are still reporting getting these popups. This probably explains the developer's choice to use MS RPC (udp/135) for delivery instead of a straight NetBIOS SMB call (tcp/139). MS RPC would be less overhead, but also has the potential to reach more people as even those with firewalls are often giving 'svchost.exe' server privileges because they assume it's necessary: http://www.dslreports.com/forum/remark,4718327~root=security,1~mode=flat

Anyone have a way to disable this on W2K and NT 4.0 servers?

***********************************************************
* Ron Trenka            | "You do not need a parachute    *
* Zowie Digital Media   | to skydive. You only need a     *
* www.zowiedigital.com  | parachute to skydive twice."    *
* ron () zowiedigital com | www.DarwinAwards.com          *
* (212) 627-4991 x22    |                                 *
***********************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com