>From : http://story.news.yahoo.com/news?tmpl=story&ncid=528&e=9&cid=528&u=/ap/20021 018/ap_on_hi_te/pop_up_spam
New Pop-Up Ads Bypass the Internet Fri Oct 18, 4:35 PM ET By ANICK JESDANUN, AP Internet Writer NEW YORK (AP) - As if junk e-mail and pop-up ads weren't annoying enough on their own, now there's a combination. A developer of bulk-mail software has figured out how to blast computers with pop-up spam over the Internet through a messaging function on many Windows operating systems. The function was designed for use by computer network technicians to, for instance, warn people on their systems of a planned shutdown. The pop-up messages appear on recipients' computers in separate windows, similar to pop-up ads that appear when a user goes to a Web site. But there's a difference: Anyone can send the messages, and there's no need for the user to have an Internet browser open. Gary Flynn, a security engineer at James Madison University, where several messages were received, calls the technique worse than e-mail spam. "This pops up on the screen," he said. "It's almost like somebody barging in your office and interrupting you." ... deleted ... ----- Original Message ----- From: "Ben Johansen" <[EMAIL PROTECTED]> To: "Multiple recipients of list witango-talk" <[EMAIL PROTECTED]> Sent: Friday, October 18, 2002 8:15 PM Subject: RE: Witango-Talk: virus?? (OT) > In that case, then it could be worse. > Have you completed the security checklist that Microsoft gives out free > from > Microsoft > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur > ity/Default.asp > > and are you up to date on the hotfixes. > > I know it sounds like ancient history, but there are still servers > infected with the Code-Red virus. As a matter of fact they say if you > setup a server and have it hooked to the internet that you will be > infected before you can download and install the patch. > > Here is a simple but quick way to stop a lot of this. locate the CMD.EXE > file. take that file an move it to a folder that is setup to only be > accessed by the admin (ie remove the everyone access from that folder) > > Go to you IIS logs usually under c:\winnt\system32\logfiles folder and > look at the logs files. Search for cmd.exe. It might surprise you what > has been going on through port 80 thanks to M$ > > Good Luck > > > Ben Johansen - http://www.pcforge.com > Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm > Latest downloads & List Archives @ http://www.witango.ws > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson > Sent: Friday, October 18, 2002 4:59 PM > To: Multiple recipients of list witango-talk > Subject: Re: Witango-Talk: virus?? (OT) > > Ben, > > Thanks for the quick reply. I will look into this. The main thing that > baffles me is that I this box isn't used for anything but web and tango > app > server - I thought the box was pretty secure so I don't know how this > would > have been installed. > > Brad > > > ----- Original Message ----- > From: "Ben Johansen" <[EMAIL PROTECTED]> > To: "Multiple recipients of list witango-talk" > <[EMAIL PROTECTED]> > Sent: Friday, October 18, 2002 4:15 PM > Subject: RE: Witango-Talk: virus?? (OT) > > > Hey, I am not ruling out a virus, but you might want to look into > spyware detectors. They usually exhibit the behavior you are seeing > > Try downloading Ad-Aware from http://www.lavasoft.de. When you download > the free Ad-Aware make sure you download it from either Mirror#1 or > Mirror#2 farther down the downloads list. The other sites like > MajorGeeks.com install the spyware you are trying to get rid of by > downloading Ad-Aware > > Another free program is spybot (for windows only) > http://download.com.com/3000-2144-10122138.html > > > > Ben Johansen - http://www.pcforge.com > Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm > Latest downloads & List Archives @ http://www.witango.ws > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson > Sent: Friday, October 18, 2002 3:59 PM > To: Multiple recipients of list witango-talk > Subject: Witango-Talk: virus?? (OT) > > Hello list, > > I am not sure how to explain this, but on my Tango/IIS server (Win 2K, > SP2), I keep getting system popup windows that have advertisements. I > turned off the Alerter and Messenger service and still get them. Some > appear in my event log as application popup with no clues as to the > origin. Anybody getting these? Any ideas? > > Regards, > Brad > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
