Re: mass email - program or virus?

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 01/22/04


Date: Wed, 21 Jan 2004 20:40:06 -0700

If the machine was in a domain environment, and the machines
in the domain have the messenger service running (as they seem
to have by your message)
then all he would have needed to do was, at a cmd prompt, enter
net send /domain ha ha loser
or for that matter, in a workgroup the following could have been used
net send * ha ha loser

It is very conceivable that someone sent something to him
that tricked him into executing this command. It is also
conceivable that he "discovered" that messenger service
was running on all the machines so he could net send to them.

At a cmd prompt enter
net help send
for info on the command syntax.

"Jim" <anonymous@discussions.microsoft.com> wrote in message
news:1f6b01c3e083$36857780$a001280a@phx.gbl...
> My son sent a network wide email at school (600+) from
> him to each person individually with the text "ha ha
> loser".
>
> The school is on a wireless network and all students have
> laptops.
>
> His version is that he got an e-mail that the subject
> matter was windows upgrade. Message was something
> like "please open following attachment to open windows".
> He did, it opened a zip file, he unzipped and it ran
> something called "net send". A program popped up, froze
> his options to click on something close to "bomb send
> infinite"
>
> My question is does this sound familiar/similar to
> anything? I'm searching for a virus but he could have
> downloaded a program on purpose just as well. I'm just
> not sure.
>
> Let me know any thoughts.
>
> Jim


