We've all long since heard about the MS Messenger service vulnerability whereby computers running the service that are directly connected to the Internet get hit with Messenger popup ads for University of Phoenix or other garbage. I've got a site that's using a Sonicwall firewall with no ports open and specifically has cleared the checkbox for 'Allow NetBIOS from LAN to WAN". One of those users at that site is getting a popup when the machine is booted up that says From machinename To machinename A virus has been detected. Please contact your administrator. I've had 2 people tell me that Messenger-spammers are very, very clever and have found a way through firewalls and Sonicwall in particular. Admittedly, this machine did have the Messenger service running, but I'm more concerned about this supposed hole that exists. Has anyone encountered this? Can anyone point me to a published article? Or does this have more to do with the phase of the moon or the descension of Mercury? Would a smudge stick and incense near the firewall help in this instance? ;-) I really don't believe that this is causing these popups for a couple of reasons: (1) It started shortly after I installed Panda Antivirus Platinum 6, and (2) This popup doesn't advertise anything, doesn't vandalize anything, it doesn't even do a very good job of being scary. I think it's just a poorly worded warning from Panda. Charlie Solomon Director of Information Systems Oregon Rail 503.265.5568
This archive was generated by hypermail 2b30 : Wed Sep 10 2003 - 14:23:46 PDT