on 10/15/02 12:29 PM, Lawrence Baldwin at baldwinLat_private wrote: > We've identified a commercial, Windows-based SPAM package which sends SPAM > via popups (all for $699). > I've confirmed that this particular package (which I can't name, yet..) > sends popups via MS RPC. > I suspect this package is running on these Linux systems under VMWARE > emulated Windows sessions. > > What is also interesting is that some users, despite running personal > firewalls, are still reporting getting these popups. This probably explains > the developers choice to use MS RPC (udp/135) for delivery instead of a > straight Netbios SMB call (tcp/139). MS RPC would be less overhead, but > also has the potential to reach more people as even those with firewalls are > often giving 'svchost.exe' server priviledges because they assume it's > necessary: > > http://www.dslreports.com/forum/remark,4718327~root=security,1~mode=flat Anyone have a way to disable this on W2K and NT 4.0 servers? *********************************************************** * Ron Trenka | "You do not need a parachute * * Zowie Digital Media | to skydive. You only need a * * www.zowiedigital.com | parachute to skydive twice." * * ronat_private | www.DarwinAwards.com * * (212) 627-4991 x22 | * *********************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 15:58:19 PDT