Re: Spam Masquerades as Admin Alerts

[InfoSec News <isn () c4i org>]

Forwarded from: Gizmo Sprocket <gizmo () surfthe net>

I think there is a bit of confusion in this article.

This practice, from what I have discovered, seems to be specific to
the Windows Messaging service, not Windows Messenger (aka Microsoft
Messenger or MSN Messenger).

The Windows Messenger service is on NT Kernel Systems including NT
3.*, 4.*, Windows 2000, and Windows XP.  There were add-ons, if I
recall, for some older Windows versions to give this type of
functionality, but it was rarely used on Windows 9x and 3.x platforms.

A good firewall, with a proper protection policy enabled, would
prevent these pop-ups.  Most personal firewalls will do this.  In
fact, protecting your NetBIOS ports is a baseline best practice for
Windows and other SMB enabled systems.

That being said, it's quite possible to assume that the Windows
Messenger application (the Microsoft Answer to AOL IM) could be used
to send advertising as well... but this seems to be, for the moment, a
less popular occurrence.

----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Wednesday, October 16, 2002 3:24 AM
Subject: [ISN] Spam Masquerades as Admin Alerts


> http://www.wired.com/news/technology/0,1282,55795,00.html
>
> By Brian McWilliams
> Oct. 15, 2002 PDT
>
> A new breed of pop-up ads is appearing mysteriously on Microsoft
> Windows users' computers. The so-called "Messenger spams" have
> security experts and system administrators scratching their heads --
> and recipients fuming.
>
> Some of the ads, which hit Windows systems through backdoor
> networking ports and not by e-mail or Web browsing, appear to have
> been generated by Direct Advertiser, a $700 software program
> developed by Florida-based DirectAdvertiser.com.
>
> By tapping into Messenger, a Windows service originally designed to
> enable system administrators to send messages to users on a network,
> Direct Advertiser can deliver "completely anonymous and virtually
> untraceable" ads "straight to the screen of your client," according
> to the company's website.
>
> "Now somebody on the other side of the world can sit there and pop
> up messages on your screen," said Gary Flynn, a security engineer at
> James Madison University, where users have recently reported
> receiving pop-up spam selling university diplomas.
>
> The Messenger service, not to be confused with Microsoft's MSN
> Messenger chat client, is enabled by default on Windows 2000, NT and
> XP systems, according to Lawrence Baldwin, operator of the
> myNetWatchman computer intrusion reporting service. Baldwin said
> potentially millions of systems may be vulnerable to the pop-ups,
> also known as "NetBIOS Spam."

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.