We've all long since heard about the MS Messenger service vulnerability
whereby computers running the service that are directly connected to the
Internet get hit with Messenger popup ads for University of Phoenix or other
garbage.
I've got a site that's using a Sonicwall firewall with no ports open
and specifically has cleared the checkbox for 'Allow NetBIOS from LAN to
WAN". One of those users at that site is getting a popup when the machine
is booted up that says
From machinename To machinename
A virus has been detected. Please contact your
administrator.
I've had 2 people tell me that Messenger-spammers are very, very
clever and have found a way through firewalls and Sonicwall in particular.
Admittedly, this machine did have the Messenger service running, but I'm
more concerned about this supposed hole that exists. Has anyone encountered
this? Can anyone point me to a published article? Or does this have more
to do with the phase of the moon or the descension of Mercury? Would a
smudge stick and incense near the firewall help in this instance? ;-)
I really don't believe that this is causing these popups for a couple of
reasons: (1) It started shortly after I installed Panda Antivirus Platinum
6, and (2) This popup doesn't advertise anything, doesn't vandalize
anything, it doesn't even do a very good job of being scary. I think it's
just a poorly worded warning from Panda.
Charlie Solomon
Director of Information Systems
Oregon Rail
503.265.5568
This archive was generated by hypermail 2b30 : Wed Sep 10 2003 - 14:23:46 PDT