Security Incidents mailing list archives

Re: Source of Windows PopUp SPAM


From: Michael Katz <mike () procinct com>
Date: Wed, 16 Oct 2002 16:22:28 -0700

At 10/16/2002 07:39 AM, Ron Trenka wrote:

on 10/15/02 12:29 PM, Lawrence Baldwin at baldwinL () mynetwatchman com wrote:

> What is also interesting is that some users, despite running personal
> firewalls, are still reporting getting these popups. This probably explains
> the developer's choice to use MS RPC (udp/135) for delivery instead of a
> straight Netbios SMB call (tcp/139).  MS RPC would be less overhead, but
> also has the potential to reach more people as even those with firewalls are
> often giving 'svchost.exe' server privileges because they assume it's
> necessary:
>
> http://www.dslreports.com/forum/remark,4718327~root=security,1~mode=flat

Anyone have a way to disable this on W2K and NT 4.0 servers?

Stop and disable the Messenger service.

Michael Katz
mike () procinct com
Procinct Security


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

