Re: CRIME MS Messenger Vulnerability

From: Alan (alan@private)
Date: Wed Sep 10 2003 - 21:18:57 PDT

  • Next message: Karl Kulaga: "RE: CRIME MS Messenger Vulnerability"

    On Wed, 2003-09-10 at 16:03, Seth Arnold wrote:
    > On Wed, Sep 10, 2003 at 01:48:15PM -0700, Solomon, Charlie wrote:
    > >         I've got a site that's using a Sonicwall firewall with no ports open
    > > and specifically has cleared the checkbox for 'Allow NetBIOS from LAN to
    > > WAN".  One of those users at that site is getting a popup when the machine
    > > is booted up that says 
    > >  
    > >         From machinename To machinename
    > >                 A virus has been detected.  Please contact your
    > >                 administrator.
    > 
    > I strongly recommend running a tool such as ad-aware. Perhaps you aren't
    > seeing messenger traffic as much as some annoying pop-up that the machine
    > itself triggers.
    
    I have used AdAware on a number of machines.  It is very helpful.
    
    They stopped updating it for a while, but there is a new and current
    version.
    
    http://www.lavasoft.de/support/download/
    
    Another useful program is Zone Alarm.  It will show outgoing connections
    and the program that attempted the connection.  It will also allow you
    to selectively block connections based on program.
    
    http://www.zonelabs.com/store/content/company/zap_za_grid.jsp
    
    Both programs have free versions. Both are for Windows in its various
    incarnations.
    
    
    
    
    > 
    > (Or, to use the terminology of 1997, maybe you're using Pull technology
    > rather than Push technology to see these things.)
    -- 
    Alan <alan@private>
    



    This archive was generated by hypermail 2b30 : Wed Sep 10 2003 - 22:12:02 PDT