Whilst closely watching the traffic to a server here at work (I had a good reason, I don’t just find it fun) (yes I do) I noticed a firewall batting away a bunch of incoming Microsoft Messenger Service NetrSendMessage. These are UDP packets destined for port 1026. The contents of the messages seem to be spyware and spam tricks. “Your system needs updating, click here to purchase the patch” etc.etc.
I’ve not come across this before, but it seems to be wide spread. In 2 hours I collected over a dozen to one particular host, all from different source IPs and nearly all with different messages and urls in them. Here are some excerpts, notice that as URLs aren’t clickable in message boxes they have to leave instructions to type the url in.
UPDATE: For all the non-techies, these messages are NOT the result of a virus or worm or anything like that. They are just network messages sent over the internet by scammers, a bit like spam. You can safely ignore them. If you want them to go away, install some firewall software or follow the instructions by Manimo to turn off the messaging service.
Buffer Overrun in Messenger Service Allows Remote Code Execution,
Virus Infection and Unexpected Computer Shutdowns
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Non Affected Software:
Microsoft Windows Millennium Edition
Your system is affected, download the patch from the address below !
FIRST TYPE THE ADDRESS BELOW INTO YOUR INTERNET BROWSER, THEN CLICK ‘OK’.
THE ADDRESS WILL DISAPPEAR ONCE YOU CLICK ‘OK’.
and this one
Windows has found infected spyware and dangerous errors on your computer!
To rid your computer of these dangerous errors and infected spyware do the
1. Download eAntiSpy from: www.desktopfix.com
2. Install eAntiSpy
3. Run eAntiSpy
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA CORRUPTION AND LOSS OF PERSONAL
INFORMATION AND SYSTEM FAILURE!
And this one:
We detected a dangerous Virus installed on your computer but was unable
to remove it. This Virus allow companies/users to monitor your
Internet browsing patterns. It is recommended that you install the
latest software to remove these by going to: