Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: virus or hacked?

  • From: Chris Todd
  • Date: Wed Aug 20 14:08:59 2003

Ok, let me kill this now,
To everyone that helped thank you very much..
to others I am sorry for posting off topic. I just now found out the server
admin left the server outside the firewall with many open ports.

again, thanks for all the help and sorry for the off topic spam.

Chris Todd
Computer Technician
Western Newspapers, Inc.
(928)775-2499

Resistance is Futile

> ----------
> From: 	McBurnett, Jim
> Sent: 	Wednesday, August 20, 2003 11:48 AM
> To: 	Todd Mitchell - lists; Chris Todd
> Cc: 	nanog@nanog.org
> Subject: 	RE: virus or hacked?
> 
> ->| -----Original Message-----
> ->| From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf
> ->Of
> ->| Chris Todd
> ->| Sent: Wednesday, August 20, 2003 12:33 PM
> ->| To: 'nanog@merit.edu'
> ->| Subject: virus or hacked?
> ->| 
> ->| 
> ->| Good morning:
> ->| I was wondering if anyone has seen this message on a win2k server
> ->before
> ->| and
> ->| might be able to help me
> ->| 
> ->| Message from destroyer to you on 8/19/2003 11:24:53pm
> ->| Make this your last pop-up ever Destroy all these pop-up for a
> ->fraction of
> ->| the price of our competitors!!!
> ->| go to www. messagdestroyer.net
> ->| 
> ->| This is all in a plain windows box(gray box with an ok button at the
> ->| bottom
> ->| and the X is the upper right corner)
> ->| 
> ->
> ->This is a standard Windows messenger (not MSN messenger) spam.  If you
> ->don't use the Windows messenger service, disable the "messenger"
> ->service.  SPAM will stop.
> ->
> ->Todd
> 
> If you have this showing up on a server that is behind a firewall, you 
> may have a MUCH bigger problem.  The access to the messenger service
> requires access to a specific port, and this problem normally only
> manifests
> itslef when the server/workstation is plugged directly into an internet
> pipe
> with a real world IP on one of it's network cards!!!!!
> 
> If you are not behind a firewall/router of even the linksys family, shame
> on you.
> If you are behind a firewall... Oh boy, better look for some security
> problems!!!!
> 
> later,
> J
> 
> 




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.