On Fri, 11 Oct 2002, Reasoner, Scott wrote: > At my organization, we run the Microsoft ISA Server to provide controlled > internet access on our internal network. This morning when I came in, there > was a Windows Messenger Service message on the screen (like from when you > use the NET SEND command). It's contents were advertising for college > diplomas (almost exactly the same text as some SPAM I've recieved). I'm > assuming this means that the ports used for SMB are not being properly > blocked from the internet (something that I know needs to be fixed). > > So, I'm curious, has anyone seen SPAM through the messenger service like > this, or should I be concerned about a system compromise? My initial > investigation of the machine shows nothing else out of the ordinary. > > The server is running Windows 2000 Server SP3 with all the latest updates > (as of yesterday) installed. The ISA Server is version 3.0.1200.50 (I found > there is a newer version out which I plan to upgrade to soon). This is just another spammer trick. Not content with abusing open relays, open proxies and insecure web forms, now they have this. It's becoming very common. Tech TV did a piece on this in May this year. http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html Paul ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Oct 11 2002 - 09:16:35 PDT