Information Security News mailing list archives
Re: Spam Masquerades as Admin Alerts
From: InfoSec News <isn () c4i org>
Date: Fri, 18 Oct 2002 00:48:52 -0500 (CDT)
Forwarded from: H C <keydet89 () yahoo com>
Cc: gizmo () surfthe net
> I think there is a bit of confusion in this article. This practice, from what I have discovered, seems to be specific to the Windows Messaging service, not Windows Messenger (aka Microsoft Messenger or MSN Messenger).
I don't see where you found the "confusion"...McWilliams specifically referred to the service and even provided a link to an MS KB article.
> A good firewall, with a proper protection policy enabled, would prevent these pop-ups.
Some of the folks on the public lists have "good firewalls"...but they still get hit w/ this stuff. The reason is b/c some of them have to allow DCOM/RPC portmapper (UDP 135) through for a specific purpose.
> Most personal firewalls will do this. In fact, protecting your NetBIOS ports is a baseline best practice for Windows and other SMB enabled systems.
NetBIOS ports aren't used by the DirectAdvertiser application. They are used by the "net send" command, and the NetMessageBufferSend() API (which 'net send' uses)...however the popups most folks are seeing are coming in over DCOM/RPC.
Again...I'm not all that clear on where you found "confusion" in the article. To be quite honest, it was relatively clear. The only folks who might be confused by it are those who chose not to read it completely.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.