RE: Source of Windows PopUp SPAM

From: Rob Keown (Keownat_private)
Date: Wed Oct 16 2002 - 16:00:10 PDT


    Here is another article:
    http://www.techtv.com/screensavers/answerstips/story/0,24330,3374542,00.html
    
    -----Original Message-----
    From: Ron Trenka [mailto:ronat_private]
    Sent: Wednesday, October 16, 2002 10:40 AM
    To: incidentsat_private
    Subject: Re: Source of Windows PopUp SPAM
    
    
    on 10/15/02 12:29 PM, Lawrence Baldwin at baldwinLat_private wrote:
    
    > We've identified a commercial, Windows-based SPAM package which sends SPAM
    > via popups (all for $699).
    > I've confirmed that this particular package (which I can't name, yet..)
    > sends popups via MS RPC.
    > I suspect this package is running on these Linux systems under VMWARE
    > emulated Windows sessions.
    > 
    > What is also interesting is that some users, despite running personal
    > firewalls, are still reporting getting these popups.  This probably explains
    > the developer's choice to use MS RPC (udp/135) for delivery instead of a
    > straight Netbios SMB call (tcp/139).  MS RPC would be less overhead, but
    > also has the potential to reach more people as even those with firewalls are
    > often giving 'svchost.exe' server privileges because they assume it's
    > necessary:
    > 
    > http://www.dslreports.com/forum/remark,4718327~root=security,1~mode=flat
    
    Anyone have a way to disable this on W2K and NT 4.0 servers?
    
    ***********************************************************
    * Ron Trenka              | "You do not need a parachute  *
    * Zowie Digital Media     | to skydive.  You only need a  *
    * www.zowiedigital.com    | parachute to skydive twice."  *
    * ronat_private    |          www.DarwinAwards.com *
    * (212) 627-4991 x22      |                               *
    ***********************************************************
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
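
Added example, not part of the original thread or of any tool named in it: a log check for the delivery channel described above, reporting external sources that send udp/135 to several internal hosts and how many of those packets the firewall allowed. The log line format, the 10.0.0.0/8 internal range, the sample lines and the function name are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed (constructed) log format: time proto src:port -> dst:port action
LINE_RE = re.compile(
    r"^(\S+) (UDP|TCP) ([\d.]+):(\d+) -> ([\d.]+):(\d+) (ALLOW|DENY)$")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample lines; addresses are documentation ranges.
SAMPLE_LOG = """\
2002-10-16T10:01:02 UDP 198.51.100.7:32771 -> 10.0.0.11:135 ALLOW
2002-10-16T10:01:02 UDP 198.51.100.7:32771 -> 10.0.0.12:135 ALLOW
2002-10-16T10:01:03 UDP 198.51.100.7:32771 -> 10.0.0.13:135 DENY
2002-10-16T10:01:05 TCP 203.0.113.9:4410 -> 10.0.0.11:139 DENY
2002-10-16T10:02:00 UDP 10.0.0.5:1025 -> 10.0.0.11:135 ALLOW
2002-10-16T10:02:10 UDP 203.0.113.9:1030 -> 10.0.0.12:135 ALLOW
this line is malformed
"""

def udp135_sweeps(log_text, internal=INTERNAL, min_targets=2):
    """Return {source: {"targets": [...], "allowed": n}} for external
    sources that sent udp/135 to at least min_targets internal hosts."""
    targets = defaultdict(set)
    allowed = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        _, proto, src, _, dst, dport, action = m.groups()
        if proto != "UDP" or dport != "135":
            continue  # tcp/139 and other traffic is not counted here
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # octets out of range
        if src_ip in internal or dst_ip not in internal:
            continue  # only inbound traffic from outside
        targets[src].add(dst)
        if action == "ALLOW":
            allowed[src] += 1  # packets the firewall let through
    return {s: {"targets": sorted(t, key=ipaddress.ip_address),
                "allowed": allowed[s]}
            for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    for src, info in udp135_sweeps(SAMPLE_LOG).items():
        print(src, len(info["targets"]), "hosts,", info["allowed"], "allowed")
```

A non-zero "allowed" count marks hosts where the firewall rule set is passing udp/135 from outside.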
    
    



    This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 20:43:17 PDT