CRIME MS Messenger Vulnerability

From: Solomon, Charlie (clsolomon@private)
Date: Wed Sep 10 2003 - 13:48:15 PDT

  • Next message: Seth Arnold: "Re: CRIME MS Messenger Vulnerability"

        We've all long since heard about the MS Messenger service vulnerability
    whereby computers running the service that are directly connected to the
    Internet get hit with Messenger popup ads for University of Phoenix or other
    garbage.
     
            I've got a site that's using a Sonicwall firewall with no ports open
    and specifically has cleared the checkbox for 'Allow NetBIOS from LAN to
    WAN".  One of those users at that site is getting a popup when the machine
    is booted up that says 
     
            From machinename To machinename
                    A virus has been detected.  Please contact your
    administrator.
     
            I've had 2 people tell me that Messenger-spammers are very, very
    clever and have found a way through firewalls and Sonicwall in particular.
    Admittedly, this machine did have the Messenger service running, but I'm
    more concerned about this supposed hole that exists.  Has anyone encountered
    this?  Can anyone point me to a published article?  Or does this have more
    to do with the phase of the moon or the descension of Mercury?  Would a
    smudge stick and incense near the firewall help in this instance?  ;-)
        I really don't believe that this is causing these popups for a couple of
    reasons:  (1) It started shortly after I installed Panda Antivirus Platinum
    6, and (2) This popup doesn't advertise anything, doesn't vandalize
    anything, it doesn't even do a very good job of being scary.  I think it's
    just a poorly worded warning from Panda.
     
     
     
     
    Charlie Solomon
    Director of Information Systems
    Oregon Rail
    503.265.5568
     
     
     
     
    



    This archive was generated by hypermail 2b30 : Wed Sep 10 2003 - 14:23:46 PDT