Is this spoof?

  • Thread starter Thread starter Kevin
  • Start date Start date
That URL is authentication protected, but, even without seeing it
I would bet it is not of MS's doing, but a spoof, or worse.
MS is not in the practice of sending folks pop-ups.
 
Hi Kevin,

It's definitely a spoof...there are a number of corporations that use these
shady marketing tactics. The best thing to do is disable Windows Messenger
or ignore these.

Sincerely,
Benjamin Johnstone-Anderson
Microsoft "MVP" - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/
 
Greetings --

No, the message isn't a "spoof." Rather, it's a scam, plain and
simple. It's from a
very unscrupulous "business." They're trying to sell you patches that
Microsoft provides free-of-charge. It's also demonstrating that your
PC is very unsecure.

This type of spam has become quite common over the past year or
so, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster Worm
that still haunts the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does little or nothing
to truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure
UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_
blocked. You may also disable Inbound NetBIOS (NetBIOS over TCP/IP).
You'll have to follow the instructions from firewall's manufacturer
for the specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Greetings --

I realize that you're trying to help, and that such an intent is
commendable, but please don't post potentially harmful advice.
Frankly, I'd have expected a Security MVP to have known better.

Disabling the messenger service, as you advise, is a "head in the
sand" approach to computer security that leaves the PC vulnerable to
threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only advice,
however well-intended, was to turn off the warnings. How is this
helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
It is true enough that this does disable the Alerter software, I have, in my
experience, found that most people find that in a home network environment,
this is an unnecessary feature. I should have made it more clear in my
original message that there are downsides to disabling the Messenger
service, although Microsoft itself recommends that "if you have Windows XP
at home or in a small office that you manage yourself, you should disable
the Messenger Service." The same document recommends talking to a network
administrator about it before disabling the Messenger service, but nowhere
does it recommend against it even in a corporate environment. It is better
to also initialize the firewall built into Windows XP, as this does indeed
indicate poor security; regardless, the installation of a firewall IN
ADDITION to disabling the Windows Messenger service seems to be Microsoft's
recommended position on the issue.

Sincerely,
Benjamin Johnstone-Anderson
Microsoft "MVP" - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/
 
Thanks Bruce for your vigilance. I typically am really
serious about my computer's security but I had just
freshly installed XP Home and did a line packet line test
(dropped my firewall) and forgot to put it up when I
received that pop-up.

All precautions are now in place EXECT stopping messenger
from starting when I run outlook express. I've disabled
it in OE, disabled it in my startup services (msconfig)
but it continues to show up in my system tray eventually.

How do I get rid of this damn program!

Thanks again..
 
Howdy - pardon my jumping in...

http://support.microsoft.com/default.aspx?scid=kb;en-us;330904
says "To resolve this issue, install or turn on a firewall that blocks
inbound NetBIOS and UDP broadcast traffic. The method that you use to
resolve this issue depends on your operating system and how you connect to
the Internet....."

Disabling messenger is dealt with in the "workaround" section, waaaay down
the page.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Is this spoof? 1
Spoof Attack's on HP Computer 8
SPOOFED 3
Internet Security Update spoof 2
mysterious pop-up 2
Network attack 3
Windows 10 "This site can't be reached" Error 5
False positives about URL-Spoof leak 1

Back
Top