Messenger security issue?

[Marius Paulmerci]

Well, I use MSFT auto-update to keep my OS updated (i
think -- any easy way to learn if I have the latest
updates?) I work behind a hardware firewall at home (DSL)
AND at work (T1). I am current (according to McAfee) on
my virus DATs.

I got a series of what looked like messenger windows last
night that have me baffled. I exited messenger after the
first, but had two more in succession when I got back
this morning.

They appeared in a window with the title bar
reading "Messenger Service."

the first read:

Message from ADMIN to 4.63.91.XX on 9/21/2003 4:11:56 PM

System Warning: Port 135 is open on your computer.

This may be a security risk if you are connected to the
Internet.

? For more information, type www.PopUpPadlock.com in your
Web browser. [Recommended]

! Pressing OK will close this window. Write down
www.PopUpPadlock.com

<button> OK

12 hours later, I got two similarly structure spam-type
ads in the same kind of windows. Obviously, something's
not configured correctly.

Any advice on stopping these? Do I really need to block
Port 135? How do I know if it's really open? Does
blocking access to this port cause me to lose MSN
Messenger?

Please advise!

Marius

 

[Nicholas]

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp


--
Nicholas

-------------------------------------------------------------------------------


| Well, I use MSFT auto-update to keep my OS updated (i
| think -- any easy way to learn if I have the latest
| updates?) I work behind a hardware firewall at home (DSL)
| AND at work (T1). I am current (according to McAfee) on
| my virus DATs.
|
| I got a series of what looked like messenger windows last
| night that have me baffled. I exited messenger after the
| first, but had two more in succession when I got back
| this morning.
|
| They appeared in a window with the title bar
| reading "Messenger Service."
|
| the first read:
|
| Message from ADMIN to 4.63.91.XX on 9/21/2003 4:11:56 PM
|
| >System Warning: Port 135 is open on your computer.
| This may be a security risk if you are connected to the
| Internet.
|
| ? For more information, type www.PopUpPadlock.com in your
| Web browser. [Recommended]
|
| ! Pressing OK will close this window. Write down
| www.PopUpPadlock.com
|
| <button> OK
|
| 12 hours later, I got two similarly structure spam-type
| ads in the same kind of windows. Obviously, something's
| not configured correctly.
|
| Any advice on stopping these? Do I really need to block
| Port 135? How do I know if it's really open? Does
| blocking access to this port cause me to lose MSN
| Messenger?
|
| Please advise!
|
| Marius
|
|

 

[Bruce Chambers]

Greetings --

This type of spam has become quite common over the past several
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster Worm that
recently swept cross the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger
service, as some people recommend, only hides the symptom, and does
little or nothing to truly secure your machine.) And ignoring or just
"putting up with" the security gap represented by these messages is
particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?




Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

Well, I use MSFT auto-update to keep my OS updated (i
think -- any easy way to learn if I have the latest
updates?) I work behind a hardware firewall at home (DSL)
AND at work (T1). I am current (according to McAfee) on
my virus DATs.

I got a series of what looked like messenger windows last
night that have me baffled. I exited messenger after the
first, but had two more in succession when I got back
this morning.

They appeared in a window with the title bar
reading "Messenger Service."

the first read:

Message from ADMIN to 4.63.91.XX on 9/21/2003 4:11:56 PM

System Warning: Port 135 is open on your computer.

This may be a security risk if you are connected to the
Internet.

? For more information, type www.PopUpPadlock.com in your
Web browser. [Recommended]

! Pressing OK will close this window. Write down
www.PopUpPadlock.com

<button> OK

12 hours later, I got two similarly structure spam-type
ads in the same kind of windows. Obviously, something's
not configured correctly.

Any advice on stopping these? Do I really need to block
Port 135? How do I know if it's really open? Does
blocking access to this port cause me to lose MSN
Messenger?

Please advise!

Marius