Windows messenger new spammer tool ?
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Windows messenger new spammer tool ?

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050

    Windows messenger new spammer tool ?

    hello people

    found this at the register this morning has any one else encounterd spam from windows messenger services well it seems that a company called DirectAdvertisment is spamming with alert messages

    http://www.theregister.co.uk/content/4/27634.html

    Windows Messenger is new spam vector
    By Thomas C Greene in Washington
    Posted: 16/10/2002 at 08:44 GMT

    The forces of evil have produced a devilish tool whereby spam can be sent to thousands of Windows users in minutes, in the guise of system alerts. This was brought to our attention by reader Mike MacNeill, who sent us a screenie of a Windows system alert offering him the university diploma of his dreams with "no required tests, classes, books or interviews," in the classic manner. Below is a smaller example:



    The scam is the brainchild of an outfit called DirectAdvertiser , and leverages the Windows RPC (Remote Procedure Call) function. I downloaded the demo version and played around for a while. My results may not be entirely accurate because I didn't use the full, $700 version, and because I used it on my own network behind a firewall. However, running Ethereal on the box and trying it out revealed packets destined for ports 135 (DCE/RPC), 137 (NetBIOS name service) and 138 (NetBIOS UDP) on the target.

    So we have here essentially a NetBIOS attack tool. It's capable of attacking entire IP ranges, but will not (the company says) get past a firewall or provide a hyperlink in the alert to the attacker's commercial Web site. The latter shortcoming is currently being addressed, the company says.

    The quickest way to defeat it is simply to shut off Windows Messenger (not the MSN Messenger IM client), so long as it's not needed by other applications. Otherwise port 135 UDP and TCP can be filtered. If neither of these solutions is suitable, the company invites you to share with them "any questions, comments, or suggestions that you may have" at this e-mail address.
    follow the link to see the pop up picture it sends
    i think windows alert messages was enough for me now they are spamming with them geez whats next

    all thought and views on this subject are highly welcome
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  2. #2
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    I think this happened to me yesterday. I'm using Trillian though ...
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  3. #3
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    hmmmm...don't confuse this with MSN (or windows) messenger. What they are talking about is actually the messenger built into windows that Administrators use to send messages to users across the network, not the popular IM service.
    Al
    It isn't paranoia when you KNOW they're out to get you...

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    405

    Question

    The quickest way to defeat it is simply to shut off Windows Messenger (not the MSN Messenger IM client)
    So is it the Messenger service which runs under 2k (and XP I assume) that you have to disable? Do you have to disable the XP Windows Messenger client? Are these possibly the same thing? If they are only talking about the service then they haven't really made it clear enough.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,050
    powertoad more info here in it how to disable it and more detail on it

    http://www.techtv.com/screensavers/a...374542,00.html
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  6. #6
    Senior Member
    Join Date
    Jun 2002
    Posts
    405
    On the link to the original page at The Register it said the full version was $700. But if it uses the Messenger service in NT/2K/XP, it would be as simple as scanning those specific ports and then doing a 'net send' for the message on a mass scale (not totally sure about this). $700 for something that simple? I hope they don't get any customers - bastard spammers.

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534

    NET SEND

    Indeed powertoad..

    net send is a sometimes usefull tool that has gotten me fired once, for mass spamming the company I worked with with a simple message.

    Allways remember: if the world would not suck, we'd all fall off . . .
    They didn't like it.
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    They have been doing that with AIM and AOL IM for the longest time... Anyone remember 'progz' , lol...
    yeah, I\'m gonna need that by friday...

  9. #9
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Yeah, I've been getting those damned messages. When I was in class for NT 4.0, the more "savvy" users used to send messages to unsuspecting people using net send. It was pretty funny to watch them try to figure out where it was coming from. ROFL! I think you can just disable the messenger service (at least, it was that way in NT), and you will no longer get those messages. The format does indeed suggest that it's some sort of mass net send, and they could possibly be getting paid for that??? UGH!
    Opinions are like holes - everybody\'s got\'em.

    Smile

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    It is my understanding that since the messenger uses the net utilities, it transports over tcp/139 (maybe tcp/135), and udp/137-138. We currently block all inbound netbios connections from the internet (very scary things can happen if you don't), so wouldn't that cover it?

    I guess what I am getting at, does the messenger use the standard netbios ports or is it off in a world of its own (M$ has been known to do that before )

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •