So all users should suffer an ISP blocking ports just because some people run Windows???? Excuse me? Better would be to just disable Windows messaging service, or issue a patch for it, as opposed to blocking port traffic.
wood

----- Original Message -----
From: "Joe Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 7:37 PM
Subject: [Full-Disclosure] Windows Messenger Popup Spam on UDP Port 1026

> Windows Messenger Popup Spam on UDP Port 1026
>
> URL: http://www.lurhq.com/popup_spam.html
> Release Date: June 20, 2003
> Author: Joe Stewart
>
> LURHQ Corporation has observed traffic to large blocks of IP addresses
> on UDP port 1026. This traffic started around June 18, 2003 and has
> been constant since that time. LURHQ analysts have determined that the
> source of the traffic is spammers who have discovered that the Windows
> Messenger service listens for connections on port 1026 as well as the
> more widely-known port 135. Windows Messenger has been a target for
> spammers since late last year, because it allows anonymous pop-up
> messages to be displayed on any Windows system running the messenger
> service. Due to widespread abuse, many ISPs have moved to block
> inbound traffic on UDP port 135. It appears the spammers have adapted,
> so ISPs are urged to block UDP port 1026 inbound as well.
>
> It is possible to disable the messenger service on some platforms
> following the instructions below. However, the fact that you can
> receive these messages points to the fact that your computer is
> unsecured and vulnerable to other possible attacks in the future.
> Disabling the messenger service will stop the pop-up spam, but will
> not protect you in any other way. Home users are encouraged to install
> personal firewall software to block unauthorized connections to their
> computers. Users are discouraged from purchasing specialized Windows
> Messenger popup blocking software as it is often sold by the same
> company that is sending the popups.
>
> To disable the Messenger Service, follow the instructions for your
> Windows version:
>
> Windows XP Home
> * Click Start, then click Control Panel.
> * Double-click Performance and Maintenance.
> * Double-click Administrative Tools.
> * Double-click Services.
> * Scroll down, highlight and right-click on Messenger and choose
>   Properties
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows XP Professional
> * Click Start, then click Control Panel.
> * Double-click Administrative Tools
> * Double-click Services
> * Scroll down, highlight and right-click on Messenger and choose
>   Properties
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows 2000/NT
> * Click Start, go to Settings, then click Control Panel.
> * Double-click Administrative Tools.
> * Double-click Service.
> * Double-click Messenger.
> * In the "Startup type" list, choose Disabled.
> * Click Stop, and then click OK.
>
> Windows 98/ME
> The Windows Messenger Service cannot be disabled
>
> --
>
> About LURHQ Corporation
> LURHQ Corporation is the trusted provider of Managed Security
> Services. Founded in 1996, LURHQ has built a strong business
> protecting the critical information assets of more than 400 customers
> by offering managed intrusion prevention and protection services.
> LURHQ's 24X7 Incident Handling capabilities enable customers to
> enhance their security posture while reducing the costs of managing
> their security environments. LURHQ's OPEN Service Delivery(TM)
> methodology facilitates a true partnership with customers by providing
> a real time view of the organization's security status via the
> Sherlock Enterprise Security Portal. For more information visit
> http://www.lurhq.com/
>
> Copyright (c) 2003 LURHQ Corporation. Permission is hereby granted for
> the redistribution of this document electronically. It is not to be
> altered or edited in any way without the express written consent of
> LURHQ Corporation. If you wish to reprint the whole or any part of
> this document in any other medium excluding electronic media, please
> e-mail [EMAIL PROTECTED] for permission.
>
> Disclaimer
> The information within this paper may change without notice. Use of
> this information constitutes acceptance for use in an AS IS condition.
> There are NO warranties implied or otherwise with regard to this
> information. In no event shall the author be liable for any damages
> whatsoever arising out of or in connection with the use or spread of
> this information.
>
> Feedback
> Updates and/or comments to:
> LURHQ Corporation
> http://www.lurhq.com/
> [EMAIL PROTECTED]
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
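
An added example, not part of the original post or of the LURHQ advisory: one way to spot the traffic pattern the advisory describes (one source sending UDP to port 1026 or 135 across many addresses) in perimeter logs. The log format, the sample lines and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# UDP ports the advisory ties to Windows Messenger pop-up traffic.
MESSENGER_UDP_PORTS = {135, 1026}
# Assumed threshold: distinct hosts one source must hit before it is flagged.
MIN_DISTINCT_TARGETS = 4

# Constructed sample lines in a hypothetical firewall log format.
SAMPLE_LOG = """\
2003-06-19T10:00:01 UDP 198.51.100.7:4312 -> 192.0.2.10:1026 len=412
2003-06-19T10:00:01 UDP 198.51.100.7:4312 -> 192.0.2.11:1026 len=412
2003-06-19T10:00:02 UDP 198.51.100.7:4312 -> 192.0.2.12:1026 len=412
2003-06-19T10:00:02 UDP 198.51.100.7:4313 -> 192.0.2.13:135 len=412
2003-06-19T10:00:09 UDP 198.51.100.7:4312 -> 192.0.2.10:1026 len=412
2003-06-19T10:01:30 UDP 203.0.113.9:53001 -> 192.0.2.10:53 len=60
2003-06-19T10:01:31 UDP 203.0.113.9:53002 -> 192.0.2.11:1026 len=88
2003-06-19T10:02:00 TCP 203.0.113.20:2201 -> 192.0.2.12:1026 len=48
-- log rotated --
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_sweeps(log_text, ports=MESSENGER_UDP_PORTS,
                min_targets=MIN_DISTINCT_TARGETS):
    """Map each source IP to the distinct hosts it sent Messenger-port UDP to,
    keeping only sources that reached at least `min_targets` hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not connection records
        if m["proto"].upper() != "UDP" or int(m["dport"]) not in ports:
            continue  # only inbound UDP to the Messenger ports is of interest
        targets[m["src"]].add(m["dst"])  # a set ignores repeat hits on one host
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src}: UDP 135/1026 sent to {len(dsts)} hosts: {', '.join(dsts)}")
```
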
