RE: Windows Messenger Pop-up spam

["Paul Kurczaba" <paul () myipis com>]

I think that *most* major ISP's have now blocked ports 135-139 and 445;
inbound and outbound. This is probably why there has been less windows
messenger popups. Some people may have also gone into "services" and
disabled the messenger service. (Now if ISP's could only just block port 25;
comsumer ISP's that is :)

-Paul

-----Original Message-----
From: Matthew Romanek [mailto:shandower () gmail com] 
Sent: Monday, November 29, 2004 10:25 AM
To: security-basics () securityfocus com
Subject: Windows Messenger Pop-up spam

Hey all,

I've a question, asked purely for the sake of curiosity. 

I was just reminded of the bad old days working for an ISP where every other
call was about lewd messages popping up on a user's screen when they weren't
even doing anything. Windows messaging popups were THE complaint at the
time, and slowly we convinced people that personal firewalls were a good
idea (via messenger popups, no less. We were a scummy little ISP, and no
great bastion of morality).

It just occured to me that I (personally) haven't seen a popup in several
years. I assume it's because we've learned about security and firewalling
and all that. So my question is: Is this sort of stuff still a problem? Does
it still exist in the wild? I suppose I could plug an unprotected windows
machine into a public IP address, but I think I'd be likely to be taken out
by something worse before a messenger ad comes along. And I'm not THAT
curious. :)

--
Matthew 'Shandower' Romanek
IDS Analyst