Re: [ISN] Spam Masquerades as Admin Alerts

From: InfoSec News (isnat_private)
Date: Wed Oct 16 2002 - 23:46:07 PDT

  • Next message: InfoSec News: "[ISN] Security hole discovered in Symantec firewalls"

    Forwarded from: Gizmo Sprocket <gizmoat_private>
    I think there is a bit of confusion in this article.
    This practice, from what I have discovered, seems to be specific to
    the Windows Messaging service, not Windows Messenger (aka Microsoft
    Messenger or MSN Messenger).
    The Windows Messenger service is on NT Kernel Systems including NT
    3.*, 4.*, Windows 2000, and Windows XP.  There were add-ons, if I
    recall, for some older Windows versions to give this type of
    functionality, but it was rarely used on Windows 9x and 3.x platforms.
    A good firewall, with a proper protection policy enabled, would
    prevent these pop-ups.  Most personal firewalls will do this.  In
    fact, protecting your NetBIOS ports is a baseline best practice for
    Windows and other SMB enabled systems.
    That being said, it's quite possible to assume that the Windows
    Messenger application (the Microsoft Answer to AOL IM) could be used
    to send advertising as well... but this seems to be, for the moment, a
    less popular occurrence.
    ----- Original Message -----
    From: "InfoSec News" <isnat_private>
    To: <isnat_private>
    Sent: Wednesday, October 16, 2002 3:24 AM
    Subject: [ISN] Spam Masquerades as Admin Alerts
    > By Brian McWilliams
    > Oct. 15, 2002 PDT
    > A new breed of pop-up ads is appearing mysteriously on Microsoft
    > Windows users' computers. The so-called "Messenger spams" have
    > security experts and system administrators scratching their heads --
    > and recipients fuming.
    > Some of the ads, which hit Windows systems through backdoor
    > networking ports and not by e-mail or Web browsing, appear to have
    > been generated by Direct Advertiser, a $700 software program
    > developed by Florida-based
    > By tapping into Messenger, a Windows service originally designed to
    > enable system administrators to send messages to users on a network,
    > Direct Advertiser can deliver "completely anonymous and virtually
    > untraceable" ads "straight to the screen of your client," according
    > to the company's website.
    > "Now somebody on the other side of the world can sit there and pop
    > up messages on your screen," said Gary Flynn, a security engineer at
    > James Madison University, where users have recently reported
    > receiving pop-up spam selling university diplomas.
    > The Messenger service, not to be confused with Microsoft's MSN
    > Messenger chat client, is enabled by default on Windows 2000, NT and
    > XP systems, according to Lawrence Baldwin, operator of the
    > myNetWatchman computer intrusion reporting service. Baldwin said
    > potentially millions of systems may be vulnerable to the pop-ups,
    > also known as "NetBIOS Spam."
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 02:33:32 PDT