Insidious New Spam

[Dalton]

For all you people using NT/2000/XP, this page might be of interest:

http://mattdrury.net/showfile.asp?which=messpam.txt

Apparently the spamwhores have found a new, insidious way to spam your computer. They use a built-in network service in Windows to broadcast spam messages to your machine without setting off the firewall or even showing up as a suspicious process. I myself have had three of these messages show up. Go to that page to stop them.

[MKSheppard]

I have Windows ME, so this won't work EHHEHE

[Evil Sadistic Bastard]

I have ZoneAlarm. No ph34r.

[Dalton]

I have Windows ME, so this won't work EHHEHE

WinME? I feel so sorry for you. WinME is an even bigger piece of crap than XP.

[Dalton]

I have ZoneAlarm. No ph34r.

Even then, it'll get through. Unless you block that port..

[Evil Sadistic Bastard]

I have ZoneAlarm. No ph34r.

Even then, it'll get through. Unless you block that port..

I'm on highest security setting (i.e. port stealth).

Is that good enough?

[MKSheppard]

WinME? I feel so sorry for you. WinME is an even bigger piece of crap than XP.

Except Dell got this install to WORK RIGHT. I have less problems with this
box than my Win 98 SE box......

[TrailerParkJawa]

Last week I took my firewall down to troubleshoot my DSL connection.
I forgot to turn the firewall back on and I got one of these spams.
It made me really mad because I know better. But it still surprised me
that they were using a NET SEND command to spam my IP address.

Anyway, if you disable the Messenger Service its not going to work. Also, if you are behind a NAT box its not going to work, since they cant even see you.
Disabling TCP/IP over NetBios should work but I have not verfied it. And yes, Zone Alarm blocks it too.

[Grand Admiral Thrawn]

Blarg, I have my faithful '98.

[Alan Bolte]

Yay! Been my biggest comp problem for about the past month. Just hadn't gotten around to figuring out how to fix it. That saved me some time.

[C.S.Strowbridge]

For all you people using NT/2000/XP, this page might be of interest:

http://mattdrury.net/showfile.asp?which=messpam.txt

Apparently the spamwhores have found a new, insidious way to spam your computer. They use a built-in network service in Windows to broadcast spam messages to your machine without setting off the firewall or even showing up as a suspicious process. I myself have had three of these messages show up. Go to that page to stop them.

I got one of those messages once. Once.

Shut off that system right away. Never got a legitimate message though it. No need to assume I would.

[Einhander Sn0m4n]

It's called Windows Messenger Spam.

[Vertigo1]

And its not new. Its been going around for years.

[TrailerParkJawa]

And its not new. Its been going around for years.

Yeah, it is only becomming more common because more people have static IP's and more people have an OS with the messenger service (NT,2K, XP).
Even with dynamic IP you can still get these, its just less likely.

[Exonerate]

I have ZoneAlarm. No ph34r.

Even then, it'll get through. Unless you block that port..

Port 139 is used for NetBIOS... You might need it, but probably isn't essential.

[Enlightenment]

Port 139 is used for NetBIOS... You might need it, but probably isn't essential.

Messenger spam still gets through even if you don't expose the NetBIOS-over-TCP/IP port to the Internet. You have to disable the messenger service or use a firewall.

That said, for security reasons, port 139 should never be exposed to the Internet in the first place. NetBIOS script kiddies can't hack ports that aren't listening.