Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Community Discussions (All other subjects)
 Messenger Spam
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 27 November 2003 :  10:34:43  Show Profile  Send ruirib a Yahoo! Message
A friend of mine has been receiving popup spams, which pretend to want to protect her against a supposed Windows problem that could be maliciously exploited. Of course, to protect the computer one must buy their messenger spam killer app.

Has anyone ever experienced this? Is there a way to cover what seems to me a hole without resorting to these spam killer apps. I've found a small free app named Spam Slammer, but frankly I don't feel too confortable with it...

This has never happened to me, I guess ZoneAlarm takes care of it, but my friend has Norton installed and probably the current configuration allows this... I know I gotta check to see if I can avoid it, but I would welcome your comments / experiences on this.


Snitz 3.4 Readme | Like the support? Support Snitz too

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 27 November 2003 :  11:05:55  Show Profile
Here's a site dedicated to stopping messenger spam: http://www.stopmessengerspam.com/

They have instructions for XP users: http://www.stopmessengerspam.com/windows_xp/windows_xp.html

And having a firewall installed would stop the messenger spam.

Support Snitz Forums

Edited by - Davio on 27 November 2003 11:07:50
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 27 November 2003 :  11:47:26  Show Profile  Send ruirib a Yahoo! Message
Hehe. Guess who was sending the spam... It came from StopMessengerSpam . Anyway I guess I need to have a look at my friend's firewall settings.


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 27 November 2003 :  12:42:30  Show Profile  Visit dayve's Homepage
just disable the service if he's not going to use it.

Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 27 November 2003 :  16:19:19  Show Profile  Send ruirib a Yahoo! Message
quote:
Originally posted by dayve

just disable the service if he's not going to use it.


I'm just worried that the machine can be reached from the Net.


Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 27 November 2003 :  16:30:20  Show Profile  Visit dayve's Homepage
quote:
Originally posted by ruirib

quote:
Originally posted by dayve

just disable the service if he's not going to use it.


I'm just worried that the machine can be reached from the Net.



yeah, I understand the caution and concern, but this is a well documented exploit of this service. In fact I think 2003 Server has done away with it. I also think I read the next service pack will be removing the feautre, but don't quote me on that.

Go to Top of Page

Doug G
Support Moderator

USA
6493 Posts

Posted - 28 November 2003 :  01:34:05  Show Profile
Block port 135. If you simply stop the messenger service to eliminate the popups you're still open to other port 135 hacks. The blaster worm got in through the same port.

You can run an exposure test of your computer at www.grc.com


======
Doug G
======
Computer history and help at www.dougscode.com
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 28 November 2003 :  11:38:11  Show Profile  Visit dayve's Homepage
You shouldn't be open to other port 135 hacks because by default that port should be closed. Those infected with Blaster either did not have a firewall, had a misconfigured firewall or wanted to use port 135 for some reason, but I think for the most part, those with firewalls never even had this port open.

Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 28 November 2003 :  12:12:24  Show Profile  Send ruirib a Yahoo! Message
I guess I will test the firewall. I did it when I first installed the firewall, but I guess my friend has changed some of the things in configuration.
I know Steve Gibson's website and his firewall tests. I also like PCFlank.com tests. They test things that are not tested elsewhere.


Snitz 3.4 Readme | Like the support? Support Snitz too

Edited by - ruirib on 28 November 2003 12:13:09
Go to Top of Page

Faizan
Average Member

United Kingdom
592 Posts

Posted - 28 November 2003 :  15:01:42  Show Profile  Visit Faizan's Homepage  Send Faizan an AOL message  Send Faizan an ICQ Message  Send Faizan a Yahoo! Message
That spam comes with Windows Messenger, when I uninstalled Windows Messenger and installed MSNm6.1, everything worked alright after that.




»Snitz Graphics
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 28 November 2003 :  15:13:41  Show Profile  Visit dayve's Homepage
quote:
Originally posted by Faizan

That spam comes with Windows Messenger, when I uninstalled Windows Messenger and installed MSNm6.1, everything worked alright after that.


the messenger service is installed with the OS, not with MSN. it is defaulted to automatically start as well. all you have to do is disable ths service.


Go to Top of Page

Doug G
Support Moderator

USA
6493 Posts

Posted - 01 December 2003 :  14:51:50  Show Profile
quote:
Originally posted by dayve

You shouldn't be open to other port 135 hacks because by default that port should be closed. Those infected with Blaster either did not have a firewall, had a misconfigured firewall or wanted to use port 135 for some reason, but I think for the most part, those with firewalls never even had this port open.


If port 135 was blocked messenger popups wouldn't have gotten on the computer in the first place. If port 135 is open, turning off the messenger service only prevents messenger popups but you're still open to other port 135 attacks.


======
Doug G
======
Computer history and help at www.dougscode.com
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 01 December 2003 :  16:19:17  Show Profile  Visit dayve's Homepage
I know, I think what I was getting at is why port 135 was opened in the first place because by default it should be closed.

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.32 seconds. Powered By: Snitz Forums 2000 Version 3.4.07