[60964] in North American Network Operators' Group


RE: virus or hacked?

daemon@ATHENA.MIT.EDU (McBurnett, Jim)
Wed Aug 20 13:53:45 2003

Date: Wed, 20 Aug 2003 13:48:50 -0400
From: "McBurnett, Jim" <jmcburnett@msmgmt.com>
To: "Todd Mitchell - lists" <lists@ciphin.com>,
	"Chris Todd" <ctodd@westernnews.com>
Cc: <nanog@nanog.org>
Errors-To: owner-nanog-outgoing@merit.edu


->| -----Original Message-----
->| From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
->| Chris Todd
->| Sent: Wednesday, August 20, 2003 12:33 PM
->| To: 'nanog@merit.edu'
->| Subject: virus or hacked?
->|
->| Good morning:
->| I was wondering if anyone has seen this message on a win2k server before
->| and might be able to help me
->|
->| Message from destroyer to you on 8/19/2003 11:24:53pm
->| Make this your last pop-up ever Destroy all these pop-up for a fraction of
->| the price of our competitors!!!
->| go to www. messagdestroyer.net
->|
->| This is all in a plain windows box(gray box with an ok button at the
->| bottom and the X is the upper right corner)
->|
->
->This is a standard Windows messenger (not MSN messenger) spam.  If you
->don't use the Windows messenger service, disable the "messenger"
->service.  SPAM will stop.
->
->Todd

If you have this showing up on a server that is behind a firewall, you
may have a MUCH bigger problem.  The access to the messenger service
requires access to a specific port, and this problem normally only manifests
itself when the server/workstation is plugged directly into an internet pipe
with a real world IP on one of its network cards!!!!!

If you are not behind a firewall/router of even the linksys family, shame on you.
If you are behind a firewall... Oh boy, better look for some security problems!!!!

later,
J
