[Dshield] 4257 is messenger spam
secmail at patchsupplier.dyndns.org
Thu Jan 5 22:45:32 GMT 2006
Why port 4257 though?
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of
TRushing at hollandco.com
Sent: 05 January 2006 19:58
To: General DShield Discussion List
Subject: [Dshield] 4257 is messenger spam
I started tcpdump and got the following for a batch of 4257 hits:
Your Windows registry is corrupted and needs to be cleaned immediately.
Compromised registry files can lead to the following:
1. Complete access of your PC by hackers
2. Slow speeds resulting in slow downloads of internet files
3. The compromise of personal information stored on your computer
4. Complete system failure resulting in the need for a complete
of your hard drive.
To fix this problem:
1. Open Internet Explorer
2. In the URL field type - www.RegUpdate.net
3. Note that all versions of windows are supported.
4. Once you load the program, close this window.
Please note that once you visit www.RegUpdate.net and install and fix
with the program you will not receive any more reminders or pop-ups like
Whois shows a 17 Nov 2005 registration date, which would be consistent
with the 4257 spike:
More information about the list