[Dshield] 4257 is messenger spam

stu secmail at patchsupplier.dyndns.org
Thu Jan 5 22:45:32 GMT 2006


Why port 4257 though?

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of
TRushing at hollandco.com
Sent: 05 January 2006 19:58
To: General DShield Discussion List
Subject: [Dshield] 4257 is messenger spam

I started tcpdump and got the following for a batch of 4257 hits:

BEGIN:

Your Windows registry is corrupted and needs to be cleaned immediately.


Compromised registry files can lead to the following:

1. Complete access of your PC by hackers
2. Slow speeds resulting in slow downloads of internet files
3. The compromise of personal information stored on your computer
4. Complete system failure resulting in the need for a complete reinstall
of your hard drive.

To fix this problem:

1. Open Internet Explorer
2. In the URL field type -  www.RegUpdate.net
3. Note that all versions of windows are supported.
4. Once you load the program, close this window.

Please note that once you visit  www.RegUpdate.net  and install and fix
your PC with the program you will not receive any more reminders or
pop-ups like this one.

END

Whois shows a 17 Nov 2005 registration date, which would be consistent 
with the 4257 spike:




