[Dshield] UPD Spam

Miles Stevenson miles at mstevenson.org
Fri Apr 16 14:53:07 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<snip>
> It's been a long time since I ran Windows, so maybe someone on this list
> who does has seen this frequently. It shocked me, I expect email spam- but
> not this. What if it was a child who saw this pop up in front of them?
</snip>

I have seen this happen to broadband users who are without a firewall. 
Unfortunately, it is starting to become commonplace for spammers to use the 
Windows messenger service for distribution. See:
<url>
http://www.theregister.co.uk/2003/01/30/messenger_popup_spam_makes_us/
</url>

I do not know of any particular viruses or worms that use MS Messenger service 
to distribute spam, but that doesn't mean they don't exist. As usual, the 
best defense is a firewall with a sane filtering ruleset (off the shelf 
broadband routers would do the trick), and to shut off any unneeded services 
(who really uses the winpopup feature?). 

If you continue to capture data, you may be able to convince the right people 
at Dartmouth to have the offending spammer disconnected. If you are REALLY 
lucky, they may even be convinced to filter outbound traffic, but that's a 
long shot. FIrewall policies are often lax at universities. 

Good luck, and thanks for sharing!

- -- 
Miles Stevenson
miles at mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAf/NTMp+InXZ9L2MRAmw7AJ0ZUTOIpKEBVaNn8Ip8llNRRd5ynwCfWk5d
RhXnzfRrBoEhw9tHeTwMMnE=
=M6xg
-----END PGP SIGNATURE-----



More information about the list mailing list