RE: Windows Messenger Pop-up spam

From: David Gillett (gillettdavid_at_fhda.edu)
Date: 11/30/04

    To: "'Jon Lawhead'" <samurai@berkeley.edu>, "'Matthew Romanek'" <shandower@gmail.com>, <security-basics@securityfocus.com>
    Date: Mon, 29 Nov 2004 15:42:24 -0800
    
    

      IIRC, Berkeley finally realized that allowing NetBIOS to/from
    the outside world was a bad idea last year during the MSBLAST
    epidemic. (My response to "how to turn off the messenger service"
    instructions has always been that if you turn it off and yet leave
    NetBIOS exposed, you're still vulnerable to a lot worse than Messenger
    spam; if you block it, Messenger traffic is blocked too.)

    > -----Original Message-----
    > From: Jon Lawhead [mailto:samurai@berkeley.edu]
    > Sent: Monday, November 29, 2004 12:19 PM
    > To: Matthew Romanek; security-basics@securityfocus.com
    > Subject: Re: Windows Messenger Pop-up spam
    >
    >
    > Like all spammers, those who advertise (intrusively) through Windows
    > Messenger only do so to make a profit. When directions for disabling
    > Windows Messenger started being easily available, and when ISPs and
    > tech support workers started urging (or forcing) customers to install
    > firewall software, advertising with Windows Messenger ceased to be
    > quite as profitable, so they stopped doing it. I work for IT at UC
    > Berkeley, and 8,000 students arrive every year, many with no
    > protection, and I've yet to hear a complaint about this. That may be,
    > as you said, that something more serious infects them before the
    > spammers have a chance to find them, but I don't think so.
    >
    >
    > Jon Lawhead
    > UC Berkeley SINE/ResComp
    >
    > On Mon, 29 Nov 2004 07:24:54 -0800
    > Matthew Romanek <shandower@gmail.com> wrote:
    > >Hey all,
    > >
    > >I've a question, asked purely for the sake of curiosity.
    > >
    > >I was just reminded of the bad old days working for an ISP where every
    > >other call was about lewd messages popping up on a user's screen when
    > >they weren't even doing anything. Windows messaging popups were THE
    > >complaint at the time, and slowly we convinced people that personal
    > >firewalls were a good idea (via messenger popups, no less. We were a
    > >scummy little ISP, and no great bastion of morality).
    > >
    > >It just occurred to me that I (personally) haven't seen a popup in
    > >several years. I assume it's because we've learned about security and
    > >firewalling and all that. So my question is: Is this sort of stuff
    > >still a problem? Does it still exist in the wild? I suppose I could
    > >plug an unprotected windows machine into a public IP address, but I
    > >think I'd be likely to be taken out by something worse before a
    > >messenger ad comes along. And I'm not THAT curious. :)
    > >
    > >--
    > >Matthew 'Shandower' Romanek
    > >IDS Analyst
    >

