This insidious annoyance has just appeared on my local cable network provider and I have reported the actions to the provider as they violate the terms of use by most cable providers. The function that is being exploited here is the netsend command from a windows command prompt. I've also noticed that they are masking the computers name such as DEGREES which when a trace route is run on the network name the computer does not exist on the network. I'm not sure but I'm pretty sure that net is governed by port access so if anyone knew what port netsend communicates on that port could theoretically be shut down to incoming requests.
This is not a virus but a dastardly, plot conceived by a ad guy who knew enough about the technology to be dangerous hmm. excuse me an annoyance. I've searched the Microsoft knowledgebase for any info on netsend command and can find nothing. Who knows how to disable netsend. And for all those network admins who use it. STOP and use email it is just as effective or do as we do in my office and use some form of IM like ICQ . csmith ----- Original Message ----- From: "Anthony M. Humphreys" <[EMAIL PROTECTED]> To: "Multiple recipients of list witango-talk" <[EMAIL PROTECTED]> Sent: Friday, October 18, 2002 10:23 PM Subject: Re: Witango-Talk: virus?? (OT) > From : > http://story.news.yahoo.com/news?tmpl=story&ncid=528&e=9&cid=528&u=/ap/20021 > 018/ap_on_hi_te/pop_up_spam > > New Pop-Up Ads Bypass the Internet > Fri Oct 18, 4:35 PM ET > By ANICK JESDANUN, AP Internet Writer > > NEW YORK (AP) - As if junk e-mail and pop-up ads weren't annoying enough on > their own, now there's a combination. > > A developer of bulk-mail software has figured out how to blast computers > with pop-up spam over the Internet through a messaging function on many > Windows operating systems. The function was designed for use by computer > network technicians to, for instance, warn people on their systems of a > planned shutdown. > > The pop-up messages appear on recipients' computers in separate windows, > similar to pop-up ads that appear when a user goes to a Web site. > > But there's a difference: Anyone can send the messages, and there's no need > for the user to have an Internet browser open. > > Gary Flynn, a security engineer at James Madison University, where several > messages were received, calls the technique worse than e-mail spam. > > "This pops up on the screen," he said. "It's almost like somebody barging in > your office and interrupting you." > > ... deleted ... > > > ----- Original Message ----- > From: "Ben Johansen" <[EMAIL PROTECTED]> > To: "Multiple recipients of list witango-talk" <[EMAIL PROTECTED]> > Sent: Friday, October 18, 2002 8:15 PM > Subject: RE: Witango-Talk: virus?? (OT) > > > > In that case, then it could be worse. > > Have you completed the security checklist that Microsoft gives out free > > from > > Microsoft > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur > > ity/Default.asp > > > > and are you up to date on the hotfixes. > > > > I know it sounds like ancient history, but there are still servers > > infected with the Code-Red virus. As a matter of fact they say if you > > setup a server and have it hooked to the internet that you will be > > infected before you can download and install the patch. > > > > Here is a simple but quick way to stop a lot of this. locate the CMD.EXE > > file. take that file an move it to a folder that is setup to only be > > accessed by the admin (ie remove the everyone access from that folder) > > > > Go to you IIS logs usually under c:\winnt\system32\logfiles folder and > > look at the logs files. Search for cmd.exe. It might surprise you what > > has been going on through port 80 thanks to M$ > > > > Good Luck > > > > > > Ben Johansen - http://www.pcforge.com > > Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm > > Latest downloads & List Archives @ http://www.witango.ws > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson > > Sent: Friday, October 18, 2002 4:59 PM > > To: Multiple recipients of list witango-talk > > Subject: Re: Witango-Talk: virus?? (OT) > > > > Ben, > > > > Thanks for the quick reply. I will look into this. The main thing that > > baffles me is that I this box isn't used for anything but web and tango > > app > > server - I thought the box was pretty secure so I don't know how this > > would > > have been installed. > > > > Brad > > > > > > ----- Original Message ----- > > From: "Ben Johansen" <[EMAIL PROTECTED]> > > To: "Multiple recipients of list witango-talk" > > <[EMAIL PROTECTED]> > > Sent: Friday, October 18, 2002 4:15 PM > > Subject: RE: Witango-Talk: virus?? (OT) > > > > > > Hey, I am not ruling out a virus, but you might want to look into > > spyware detectors. They usually exhibit the behavior you are seeing > > > > Try downloading Ad-Aware from http://www.lavasoft.de. When you download > > the free Ad-Aware make sure you download it from either Mirror#1 or > > Mirror#2 farther down the downloads list. The other sites like > > MajorGeeks.com install the spyware you are trying to get rid of by > > downloading Ad-Aware > > > > Another free program is spybot (for windows only) > > http://download.com.com/3000-2144-10122138.html > > > > > > > > Ben Johansen - http://www.pcforge.com > > Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm > > Latest downloads & List Archives @ http://www.witango.ws > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:owner-witango-talk@;witango.com] On Behalf Of Brad Robertson > > Sent: Friday, October 18, 2002 3:59 PM > > To: Multiple recipients of list witango-talk > > Subject: Witango-Talk: virus?? (OT) > > > > Hello list, > > > > I am not sure how to explain this, but on my Tango/IIS server (Win 2K, > > SP2), I keep getting system popup windows that have advertisements. I > > turned off the Alerter and Messenger service and still get them. Some > > appear in my event log as application popup with no clues as to the > > origin. Anybody getting these? Any ideas? > > > > Regards, > > Brad > > > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > > > ________________________________________________________________________ > > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > > with unsubscribe witango-talk in the message body > > ________________________________________________________________________ > TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] > with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
