Message-ID: <Law11-OE192o75stjqL0004ce94@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Windows Messenger Popup Spam on UDP Port 1026
So all users should suffer an ISP blocking ports just because some
people run Windows???? Excuse me? Better would be to just disable the
Windows messaging service, or issue a patch for it, as opposed to
blocking port traffic.
wood
----- Original Message -----
From: "Joe Stewart" <jstewart@...hq.com>
To: <list@...ield.org>
Cc: <full-disclosure@...ts.netsys.com>; <intrusions@...idents.org>;
<isc@...s.org>
Sent: Friday, June 20, 2003 7:37 PM
Subject: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port 1026
> Windows Messenger Popup Spam on UDP Port 1026
>
> URL: http://www.lurhq.com/popup_spam.html
> Release Date: June 20, 2003
> Author: Joe Stewart
>
> LURHQ Corporation has observed traffic to large blocks of IP addresses
> on UDP port 1026. This traffic started around June 18, 2003 and has
> been constant since that time. LURHQ analysts have determined that the
> source of the traffic is spammers who have discovered that the Windows
> Messenger service listens for connections on port 1026 as well as the
> more widely-known port 135. Windows Messenger has been a target for
> spammers since late last year, because it allows anonymous pop-up
> messages to be displayed on any Windows system running the messenger
> service. Due to widespread abuse, many ISPs have moved to block
> inbound traffic on UDP port 135. It appears the spammers have adapted,
> so ISPs are urged to block UDP port 1026 inbound as well.
>
> It is possible to disable the messenger service on some platforms
> following the instructions below. However, the fact that you can
> receive these messages points to the fact that your computer is
> unsecured and vulnerable to other possible attacks in the future.
> Disabling the messenger service will stop the pop-up spam, but will
> not protect you in any other way. Home users are encouraged to install
> personal firewall software to block unauthorized connections to their
> computers. Users are discouraged from purchasing specialized Windows
> Messenger popup blocking software as it is often sold by the same
> company that is sending the popups.
>
> To disable the Messenger Service, follow the instructions for your
> Windows version:
>
> Windows XP Home
> * Click Start, then click Control Panel.
> * Double-click Performance and Maintenance.
> * Double-click Administrative Tools.
> * Double-click Services.
> * Scroll down, highlight and right-click on Messenger and choose
> Properties
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows XP Professional
> * Click Start, then click Control Panel.
> * Double-click Administrative Tools
> * Double-click Services
> * Scroll down, highlight and right-click on Messenger and choose
> Properties
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows 2000/NT
> * Click Start, go to Settings, then click Control Panel.
> * Double-click Administrative Tools.
> * Double-click Service.
> * Double-click Messenger.
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows 98/ME
> The Windows Messenger Service cannot be disabled
>
> --
>
> About LURHQ Corporation
> LURHQ Corporation is the trusted provider of Managed Security
> Services. Founded in 1996, LURHQ has built a strong business
> protecting the critical information assets of more than 400 customers
> by offering managed intrusion prevention and protection services.
> LURHQ's 24X7 Incident Handling capabilities enable customers to
> enhance their security posture while reducing the costs of managing
> their security environments. LURHQ's OPEN Service Delivery(TM)
> methodology facilitates a true partnership with customers by providing
> a real time view of the organization's security status via the
> Sherlock Enterprise Security Portal. For more information visit
> http://www.lurhq.com/
>
> Copyright (c) 2003 LURHQ Corporation. Permission is hereby granted for
> the redistribution of this document electronically. It is not to be
> altered or edited in any way without the express written consent of
> LURHQ Corporation. If you wish to reprint the whole or any part of
> this document in any other medium excluding electronic media, please
> e-mail advisories@...hq.com for permission.
>
> Disclaimer
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties implied or otherwise with regard to this
> information. In no event shall the author be liable for any damages
> whatsoever arising out of or in connection with the use or spread of
> this information.
>
> Feedback
> Updates and/or comments to:
> LURHQ Corporation
> http://www.lurhq.com/
> advisories@...hq.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
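
The traffic pattern the advisory describes (one source sending UDP to ports 135 and 1026 across large blocks of addresses) can be picked out of firewall logs. The following is an added example, not part of the original post or advisory; the log format, the `find_sweeps` name, the threshold and the sample lines are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample firewall log lines (the format is an assumption):
# "<time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2003-06-20T19:01:02 UDP 198.51.100.7:4021 -> 192.0.2.10:1026
2003-06-20T19:01:02 UDP 198.51.100.7:4021 -> 192.0.2.11:1026
2003-06-20T19:01:03 UDP 198.51.100.7:4021 -> 192.0.2.12:1026
2003-06-20T19:01:03 UDP 198.51.100.7:4022 -> 192.0.2.13:135
2003-06-20T19:01:05 UDP 203.0.113.9:53 -> 192.0.2.10:1026
2003-06-20T19:01:06 TCP 203.0.113.50:3301 -> 192.0.2.10:135
2003-06-20T19:01:07 UDP 203.0.113.77:1900 -> 192.0.2.14:1900
garbled line that should be skipped
"""

MESSENGER_UDP_PORTS = {135, 1026}  # the two ports named in the advisory


def parse_line(line):
    """Return (proto, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        src_ip = parts[2].rsplit(":", 1)[0]
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return parts[1].upper(), src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None


def find_sweeps(log_text, min_targets=3):
    """Map each source that sent UDP to the Messenger ports on at least
    min_targets distinct hosts to its target count and ports used."""
    targets, ports = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        proto, src, dst, dport = rec
        if proto == "UDP" and dport in MESSENGER_UDP_PORTS:
            targets[src].add(dst)
            ports[src].add(dport)
    return {src: {"targets": len(dsts), "ports": sorted(ports[src])}
            for src, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

Counting distinct destinations per source, rather than raw packets, separates a sweep across an address block from a single host that happens to receive a stray datagram on port 1026.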