Information Security News mailing list archives
Re: Spam Masquerades as Admin Alerts
From: InfoSec News <isn () c4i org>
Date: Thu, 17 Oct 2002 01:46:07 -0500 (CDT)
Forwarded from: Gizmo Sprocket <gizmo () surfthe net> I think there is a bit of confusion in this article. This practice, from what I have discovered, seems to be specific to the Windows Messaging service, not Windows Messenger (aka Microsoft Messenger or MSN Messenger). The Windows Messenger service is on NT Kernel Systems including NT 3.*, 4.*, Windows 2000, and Windows XP. There were add-ons, if I recall, for some older Windows versions to give this type of functionality, but it was rarely used on Windows 9x and 3.x platforms. A good firewall, with a proper protection policy enabled, would prevent these pop-ups. Most personal firewalls will do this. In fact, protecting your NetBIOS ports is a baseline best practice for Windows and other SMB enabled systems. That being said, it's quite possible to assume that the Windows Messenger application (the Microsoft Answer to AOL IM) could be used to send advertising as well... but this seems to be, for the moment, a less popular occurrence. ----- Original Message ----- From: "InfoSec News" <isn () c4i org> To: <isn () attrition org> Sent: Wednesday, October 16, 2002 3:24 AM Subject: [ISN] Spam Masquerades as Admin Alerts
http://www.wired.com/news/technology/0,1282,55795,00.html By Brian McWilliams Oct. 15, 2002 PDT A new breed of pop-up ads is appearing mysteriously on Microsoft Windows users' computers. The so-called "Messenger spams" have security experts and system administrators scratching their heads -- and recipients fuming. Some of the ads, which hit Windows systems through backdoor networking ports and not by e-mail or Web browsing, appear to have been generated by Direct Advertiser, a $700 software program developed by Florida-based DirectAdvertiser.com. By tapping into Messenger, a Windows service originally designed to enable system administrators to send messages to users on a network, Direct Advertiser can deliver "completely anonymous and virtually untraceable" ads "straight to the screen of your client," according to the company's website. "Now somebody on the other side of the world can sit there and pop up messages on your screen," said Gary Flynn, a security engineer at James Madison University, where users have recently reported receiving pop-up spam selling university diplomas. The Messenger service, not to be confused with Microsoft's MSN Messenger chat client, is enabled by default on Windows 2000, NT and XP systems, according to Lawrence Baldwin, operator of the myNetWatchman computer intrusion reporting service. Baldwin said potentially millions of systems may be vulnerable to the pop-ups, also known as "NetBIOS Spam."
[...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Spam Masquerades as Admin Alerts InfoSec News (Oct 16)
- <Possible follow-ups>
- Re: Spam Masquerades as Admin Alerts InfoSec News (Oct 17)
- Re: Spam Masquerades as Admin Alerts InfoSec News (Oct 18)