Security Incidents mailing list archives

RE: New MSN Messenger Worm

From: "Michael Fredericks" <mfredericks () infosol com>
Date: Thu, 14 Feb 2002 09:04:41 -0700

Hi All,
Thanks for the warning on MSN Messenger. I have restricted access to the
service from my network and suggest that it might be a good idea for
others to do the same. I found that MSN Messenger uses TCP port 1863 but
it also seems to fallback to an HTTP connection to various hosts on the
"messenger.hotmail.com" domain. Therefore I found that I had to restrict
the TCP port as well as any http connection attempts to this domain.

Thanks,

Michael Fredericks
Manager - Networks and Telecommunications
InfoSol, Inc.
mfredericks () infosol com
http://www.infosol.com/





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

New MSN Messenger Worm Drew Smith (Feb 13)
- RE: New MSN Messenger Worm Rocky Stefano (Feb 13)
- Re: New MSN Messenger Worm Nathan Einwechter (Feb 13)
- Re: New MSN Messenger Worm Nick FitzGerald (Feb 14)
- <Possible follow-ups>
- Re: New MSN Messenger Worm Bill Schalck (Feb 13)
  - Re: New MSN Messenger Worm dreamwvr () dreamwvr com (Feb 14)
- RE: New MSN Messenger Worm Michael Fredericks (Feb 14)