| Author |
 Topic  |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
 Posted - 27 November 2003 : 10:34:43
|
A friend of mine has been receiving popup spams, which pretend to want to protect her against a supposed Windows problem that could be maliciously exploited. Of course, to protect the computer one must buy their messenger spam killer app.
Has anyone ever experienced this? Is there a way to cover what seems to me a hole without resorting to these spam killer apps. I've found a small free app named Spam Slammer, but frankly I don't feel too confortable with it...
This has never happened to me, I guess ZoneAlarm takes care of it, but my friend has Norton installed and probably the current configuration allows this... I know I gotta check to see if I can avoid it, but I would welcome your comments / experiences on this. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 November 2003 : 12:42:30
|
| just disable the service if he's not going to use it. |
 |
 |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 27 November 2003 : 16:30:20
|
quote:
Originally posted by ruirib
quote:
Originally posted by dayve
just disable the service if he's not going to use it.
I'm just worried that the machine can be reached from the Net.
yeah, I understand the caution and concern, but this is a well documented exploit of this service. In fact I think 2003 Server has done away with it. I also think I read the next service pack will be removing the feautre, but don't quote me on that. |
|
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 28 November 2003 : 01:34:05
|
Block port 135. If you simply stop the messenger service to eliminate the popups you're still open to other port 135 hacks. The blaster worm got in through the same port.
You can run an exposure test of your computer at www.grc.com
|
======
Doug G
======
Computer history and help at www.dougscode.com |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 28 November 2003 : 11:38:11
|
| You shouldn't be open to other port 135 hacks because by default that port should be closed. Those infected with Blaster either did not have a firewall, had a misconfigured firewall or wanted to use port 135 for some reason, but I think for the most part, those with firewalls never even had this port open. |
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 28 November 2003 : 12:12:24
|
I guess I will test the firewall. I did it when I first installed the firewall, but I guess my friend has changed some of the things in configuration.
I know Steve Gibson's website and his firewall tests. I also like PCFlank.com tests. They test things that are not tested elsewhere. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
Edited by - ruirib on 28 November 2003 12:13:09 |
|
|
|
Faizan
Average Member
United Kingdom
592 Posts |
Posted - 28 November 2003 : 15:01:42
|
That spam comes with Windows Messenger, when I uninstalled Windows Messenger and installed MSNm6.1, everything worked alright after that.
|
»Snitz Graphics
|
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 28 November 2003 : 15:13:41
|
quote:
Originally posted by Faizan
That spam comes with Windows Messenger, when I uninstalled Windows Messenger and installed MSNm6.1, everything worked alright after that.
the messenger service is installed with the OS, not with MSN. it is defaulted to automatically start as well. all you have to do is disable ths service.
 |
|
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 01 December 2003 : 14:51:50
|
quote:
Originally posted by dayve
You shouldn't be open to other port 135 hacks because by default that port should be closed. Those infected with Blaster either did not have a firewall, had a misconfigured firewall or wanted to use port 135 for some reason, but I think for the most part, those with firewalls never even had this port open.
If port 135 was blocked messenger popups wouldn't have gotten on the computer in the first place. If port 135 is open, turning off the messenger service only prevents messenger popups but you're still open to other port 135 attacks.
|
======
Doug G
======
Computer history and help at www.dougscode.com |
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 01 December 2003 : 16:19:17
|
| I know, I think what I was getting at is why port 135 was opened in the first place because by default it should be closed. |
|
|
|
| |
Topic |
|
Topic Locked
. Anyway I guess I need to have a look at my friend's firewall settings.