[Dshield] Windows Messenger Popup Spam on UDP Port 1026

Rick Klinge rick at famhost.com
Sat Jun 21 15:28:46 GMT 2003


Yes Joe.. :-)

~Rick

----- Original Message ----- 
From: "KJS_Public" <kjs_public at sbcglobal.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, June 21, 2003 9:55 AM
Subject: Re: [Dshield] Windows Messenger Popup Spam on UDP Port 1026


> Am I the only one that feels that this message in itself is spam?
> 
> ----- Original Message ----- 
> From: "Joe Stewart" <jstewart at lurhq.com>
> To: <list at dshield.org>
> Cc: <isc at sans.org>; <intrusions at incidents.org>;
> <full-disclosure at lists.netsys.com>
> Sent: Friday, June 20, 2003 9:37 PM
> Subject: [Dshield] Windows Messenger Popup Spam on UDP Port 1026
> 
> 
> > Windows Messenger Popup Spam on UDP Port 1026
> >
> > URL: http://www.lurhq.com/popup_spam.html
> > Release Date: June 20, 2003
> > Author: Joe Stewart
> >
> > LURHQ Corporation has observed traffic to large blocks of IP addresses
> > on UDP port 1026. This traffic started around June 18, 2003 and has
> > been constant since that time. LURHQ analysts have determined that the
> > source of the traffic is spammers who have discovered that the Windows
> > Messenger service listens for connections on port 1026 as well as the
> > more widely-known port 135. Windows Messenger has been a target for
> > spammers since late last year, because it allows anonymous pop-up
> > messages to be displayed on any Windows system running the messenger
> > service. Due to widespread abuse, many ISPs have moved to block
> > inbound traffic on UDP port 135. It appears the spammers have adapted,
> > so ISPs are urged to block UDP port 1026 inbound as well.
> >
> > It is possible to disable the messenger service on some platforms
> > following the instructions below. However, the fact that you can
> > receive these messages points to the fact that your computer is
> > unsecured and vulnerable to other possible attacks in the future.
> > Disabling the messenger service will stop the pop-up spam, but will
> > not protect you in any other way. Home users are encouraged to install
> > personal firewall software to block unauthorized connections to their
> > computers. Users are discourged from purchasing specialized Windows
> > Messenger popup blocking software as it is often sold by the same
> > company that is sending the popups.
> >
> > To disable the Messenger Service, follow the instructions for your
> > Windows version:
> >
> > Windows XP Home
> >   * Click Start, then click Control Panel.
> >   * Double-click Performance and Maintenance.
> >   * Double-click Administrative Tools.
> >   * Double-click Services.
> >   * Scroll down, highlight and right-click on Messenger and choose
> >     Properties
> >   * In the "Startup type" list, choose Disabled.
> >   * Click Stop, and then click OK.
> >
> > Windows XP Professional
> >   * Click Start, then click Control Panel.
> >   * Double-click Administrative Tools
> >   * Double-click Services
> >   * Scroll down, highlight and right-click on Messenger and choose
> >     Properties
> >   * In the "Startup type" list, choose Disabled.
> >   * Click Stop, and then click OK.
> >
> > Windows 2000/NT
> >   * Click Start, go to Settings, then click Control Panel.
> >   * Double-click Administrative Tools.
> >   * Double-click Service.
> >   * Double-click Messenger.
> >   * In the "Startup type" list, choose Disabled.
> >   * Click Stop, and then click OK.
> >
> > Windows 98/ME
> > The Windows Messenger Service cannot be disabled
> >
> > --
> >

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list