virus or hacked?
Good morning: I was wondering if anyone has seen this message on a win2k server before and might be able to help me Message from destroyer to you on 8/19/2003 11:24:53pm Make this your last pop-up ever Destroy all these pop-up for a fraction of the price of our competitors!!! go to www. messagdestroyer.net This is all in a plain windows box(gray box with an ok button at the bottom and the X is the upper right corner) Any help or insight would much appreciated!! Thanks Chris Todd Computer Technician Western Newspapers, Inc. (928)775-2499 Resistance is Futile
Re: virus or hacked?
That would probably be the messenger service in Win2k. to stop it, go to Settings - control panel - Administrative Tools - Services. Find Messenger and disable it. Thanks, Paul Or load the linux OS of choice ;) On Wed, 2003-08-20 at 12:32, Chris Todd wrote: Good morning: I was wondering if anyone has seen this message on a win2k server before and might be able to help me Message from destroyer to you on 8/19/2003 11:24:53pm Make this your last pop-up ever Destroy all these pop-up for a fraction of the price of our competitors!!! go to www. messagdestroyer.net This is all in a plain windows box(gray box with an ok button at the bottom and the X is the upper right corner) Any help or insight would much appreciated!! Thanks Chris Todd Computer Technician Western Newspapers, Inc. (928)775-2499 Resistance is Futile -- Paul A Bradford Senior Network Engineer Adelphia Cable Communications 814-274-6663
RE: virus or hacked?
| -Original Message- | From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of | Chris Todd | Sent: Wednesday, August 20, 2003 12:33 PM | To: '[EMAIL PROTECTED]' | Subject: virus or hacked? | | | Good morning: | I was wondering if anyone has seen this message on a win2k server before | and | might be able to help me | | Message from destroyer to you on 8/19/2003 11:24:53pm | Make this your last pop-up ever Destroy all these pop-up for a fraction of | the price of our competitors!!! | go to www. messagdestroyer.net | | This is all in a plain windows box(gray box with an ok button at the | bottom | and the X is the upper right corner) | This is a standard Windows messenger (not MSN messenger) spam. If you don't use the Windows messenger service, disable the messenger service. SPAM will stop. Todd --
Re: virus or hacked?
Chris Todd schrieb: Thanks Chris Todd Computer Technician Computer Technician? you sure? -- Johannes Catterwell,| Did you ever wonder Darmstadt, Germany | ... why you have to click johannes at catterwell dot de | on Start to stop Windows?
Re: virus or hacked?
From: Chris Todd [EMAIL PROTECTED] Date: Wed, 20 Aug 2003 09:32:30 -0700 Good morning: I was wondering if anyone has seen this message on a win2k server before and might be able to help me Chris: This is the new spam technique using the windows admin pop-up vector. Supposed to be used by an Admin to send messages of some import to all their users on a particular server. That the popup showed up means you have some patching to do as well as some (3 - I think) ports to block on your firewall. See the NANOG archives for more details. Regards, Gregory Hicks Message from destroyer to you on 8/19/2003 11:24:53pm Make this your last pop-up ever Destroy all these pop-up for a fraction of the price of our competitors!!! go to www. messagdestroyer.net This is all in a plain windows box(gray box with an ok button at the bottom and the X is the upper right corner) Any help or insight would much appreciated!! Thanks Chris Todd Computer Technician Western Newspapers, Inc. (928)775-2499 Resistance is Futile - Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479 San Jose, CA 95134 | Internet: [EMAIL PROTECTED] Never attribute to malice that which is adequately explained by ignorance or stupidity. Asking the wrong questions is the leading cause of wrong answers The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton
RE: virus or hacked?
How catty. We all start somewhere, or have you forgotten? Gruss + Cheers, Cade Kelly System/Network Administrator ECONnergy Co. Inc Spring Valley, NY -Original Message- From: Johannes Catterwell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 1:52 PM To: Chris Todd Cc: [EMAIL PROTECTED] Subject: Re: virus or hacked? Chris Todd schrieb: Thanks Chris Todd Computer Technician Computer Technician? you sure? -- Johannes Catterwell,| Did you ever wonder Darmstadt, Germany | ... why you have to click johannes at catterwell dot de | on Start to stop Windows?
RE: virus or hacked?
-| -Original Message- -| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf -Of -| Chris Todd -| Sent: Wednesday, August 20, 2003 12:33 PM -| To: '[EMAIL PROTECTED]' -| Subject: virus or hacked? -| -| -| Good morning: -| I was wondering if anyone has seen this message on a win2k server -before -| and -| might be able to help me -| -| Message from destroyer to you on 8/19/2003 11:24:53pm -| Make this your last pop-up ever Destroy all these pop-up for a -fraction of -| the price of our competitors!!! -| go to www. messagdestroyer.net -| -| This is all in a plain windows box(gray box with an ok button at the -| bottom -| and the X is the upper right corner) -| - -This is a standard Windows messenger (not MSN messenger) spam. If you -don't use the Windows messenger service, disable the messenger -service. SPAM will stop. - -Todd If you have this showing up on a server that is behind a firewall, you may have a MUCH bigger problem. The access to the messenger service requires access to a specific port, and this problem normally only manifests itslef when the server/workstation is plugged directly into an internet pipe with a real world IP on one of it's network cards! If you are not behind a firewall/router of even the linksys family, shame on you. If you are behind a firewall... Oh boy, better look for some security problems later, J
RE: virus or hacked?
Ok, let me kill this now, To everyone that helped thank you very much.. to others I am sorry for posting off topic. I just now found out the server admin left the server outside the firewall with many open ports. again, thanks for all the help and sorry for the off topic spam. Chris Todd Computer Technician Western Newspapers, Inc. (928)775-2499 Resistance is Futile -- From: McBurnett, Jim Sent: Wednesday, August 20, 2003 11:48 AM To: Todd Mitchell - lists; Chris Todd Cc: [EMAIL PROTECTED] Subject: RE: virus or hacked? -| -Original Message- -| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf -Of -| Chris Todd -| Sent: Wednesday, August 20, 2003 12:33 PM -| To: '[EMAIL PROTECTED]' -| Subject: virus or hacked? -| -| -| Good morning: -| I was wondering if anyone has seen this message on a win2k server -before -| and -| might be able to help me -| -| Message from destroyer to you on 8/19/2003 11:24:53pm -| Make this your last pop-up ever Destroy all these pop-up for a -fraction of -| the price of our competitors!!! -| go to www. messagdestroyer.net -| -| This is all in a plain windows box(gray box with an ok button at the -| bottom -| and the X is the upper right corner) -| - -This is a standard Windows messenger (not MSN messenger) spam. If you -don't use the Windows messenger service, disable the messenger -service. SPAM will stop. - -Todd If you have this showing up on a server that is behind a firewall, you may have a MUCH bigger problem. The access to the messenger service requires access to a specific port, and this problem normally only manifests itslef when the server/workstation is plugged directly into an internet pipe with a real world IP on one of it's network cards! If you are not behind a firewall/router of even the linksys family, shame on you. If you are behind a firewall... Oh boy, better look for some security problems later, J
Re: virus or hacked?
That was my thought after my initial knee jerk how to fix response. I'm sorry for replying to the list Thanks, Paul -- Paul A Bradford Senior Network Engineer Adelphia Cable Communications 814-274-6663
Re: virus or hacked?
Indeed. - Original Message - From: Claire Kelly [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 1:45 PM Subject: RE: virus or hacked? How catty. We all start somewhere, or have you forgotten? Gruss + Cheers, Cade Kelly System/Network Administrator ECONnergy Co. Inc Spring Valley, NY -Original Message- From: Johannes Catterwell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 1:52 PM To: Chris Todd Cc: [EMAIL PROTECTED] Subject: Re: virus or hacked? Chris Todd schrieb: Thanks Chris Todd Computer Technician Computer Technician? you sure? -- Johannes Catterwell, | Did you ever wonder Darmstadt, Germany | ... why you have to click johannes at catterwell dot de | on Start to stop Windows?
Re: virus or hacked?
On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly [EMAIL PROTECTED] said: How catty. We all start somewhere, or have you forgotten? You *do* have to admit it's an unusual combination of skills to: a) have enough clue to get subscribed to NANOG-post *AND* b) not be able to identify Windows Messenger spam pgp0.pgp Description: PGP signature
Re: virus or hacked?
Most of us start at google. On Wed, Aug 20, 2003 at 01:45:46PM -0400, Claire Kelly wrote: How catty. We all start somewhere, or have you forgotten? Gruss + Cheers, Cade Kelly System/Network Administrator ECONnergy Co. Inc Spring Valley, NY -Original Message- From: Johannes Catterwell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 1:52 PM To: Chris Todd Cc: [EMAIL PROTECTED] Subject: Re: virus or hacked? Chris Todd schrieb: Thanks Chris Todd Computer Technician Computer Technician? you sure? -- Johannes Catterwell, | Did you ever wonder Darmstadt, Germany| ... why you have to click johannes at catterwell dot de | on Start to stop Windows?
RE: virus or hacked?
Yes, this is totally true. But my point was that being helpful is more efficient than pure cattiness (which could translate into arrogance *gasp*). Enough of that goes on on this list, and in any case, while we're busy sneering about our ignorant users, we could at least help out our own. You know? Have a good one! Cheers, Cade -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 2:03 PM To: Claire Kelly Cc: [EMAIL PROTECTED] Subject: Re: virus or hacked? On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly [EMAIL PROTECTED] said: How catty. We all start somewhere, or have you forgotten? You *do* have to admit it's an unusual combination of skills to: a) have enough clue to get subscribed to NANOG-post *AND* b) not be able to identify Windows Messenger spam
Re: virus or hacked?
Chris, Chances are that you're not but...make sure you block the following ports (at a minimum) at your firewall: 135 137-139 445 If you don't have a firewall, you need to get one installed ASAP. In the meantime, install a personal (software) firewall - if the circumstances allow. If you are getting pop-up ads on that server, who knows what else is going on. -Jack --- Chris Todd [EMAIL PROTECTED] wrote: Good morning: I was wondering if anyone has seen this message on a win2k server before and might be able to help me Message from destroyer to you on 8/19/2003 11:24:53pm Make this your last pop-up ever Destroy all these pop-up for a fraction of the price of our competitors!!! go to www. messagdestroyer.net This is all in a plain windows box(gray box with an ok button at the bottom and the X is the upper right corner) Any help or insight would much appreciated!! Thanks Chris Todd Computer Technician Western Newspapers, Inc. (928)775-2499 Resistance is Futile
Re: virus or hacked?
On Wed, 20 Aug 2003 at 7:51pm Johannes Catterwell wrote: Chris Todd schrieb: Thanks Chris Todd Computer Technician Computer Technician? you sure? That ain't nothing compared to the Network Security Engineer that posted a few messages before that had never heard of Blaster and has his servers set to auto-update from M$ (shudder). -- Joseph F. Noonan Rigaku/MSC Inc. [EMAIL PROTECTED]
Re: virus or hacked?
On Wed, 20 Aug 2003 [EMAIL PROTECTED] wrote: You *do* have to admit it's an unusual combination of skills to: a) have enough clue to get subscribed to NANOG-post *AND* b) not be able to identify Windows Messenger spam I dunno about that...I know when I first saw the Messenger spam on my wife's Win 2k box, I didn't know what it was, probably because I'm not a Windows user myself. It also boggled my mind that MS would leave that on by default. It still does, come to think of it... James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =
End of thread ; WAS: RE: virus or hacked?
Sorry folks, my last message being sent to the list was my fault - this topic has long gone off-list. Again, apologies. Cheers, Cade
Re: virus or hacked?
How catty. We all start somewhere, or have you forgotten? not only that, but we all start in exactly the same place -- with zero knowledge. there was a day when even X didn't know Y, for all X and Y. s.
Re: virus or hacked?
Oh I don't know. Many here do a pretty good impression of that unique combination of skills prior to that first cup of coffee :P [EMAIL PROTECTED] wrote: On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly [EMAIL PROTECTED] said: How catty. We all start somewhere, or have you forgotten? You *do* have to admit it's an unusual combination of skills to: a) have enough clue to get subscribed to NANOG-post *AND* b) not be able to identify Windows Messenger spam