Fear-mongering was [thelist] odd IE worm or something..

Ken Schaefer ken at adOpenStatic.com
Sun Nov 9 20:18:51 CST 2003


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Paul Bennett" <paul at teltest.com>
Subject: Re: Fear-mongering was [thelist] odd IE worm or something..


: >- not headline conjecture is going to help
: >Tom solve his conundrum.
: >
: </rant>
:
: So....disabling the messenging service will or won't
: help Tom? FYI the messenging service vulnerability is
: (a) widely known and (b) widely exploited and so MAY
: infact prove to be a factor in Tom's problem.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi,

a) There is no "messenging service" - it's the "messenger service" (sorry,
that's a nitpick, I know).

b) I'm not sure what you mean by "widely exploited" - is spam an SMTP
exploit? Now, there is an RPC vulnerability that does in fact exploit the
Messenger service, but that's not "widely exploited". [1] If you are talking
about people receiving lots of Messenger "pop-ups", that's not an exploit.

c) The window is an IE window - I supppose any number of tricks could be
used to "hide it" - have it open at some co-ordinates waaaay off the visible
screen, and have some javascript that always returns focus to another (eg
parent window). Task Manager should show it running someplace (eg at least
in "processes", and you can kill it there).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
: And where would your helpful suggestions be? Or is aimless
: sarcasm more "professional" and helpful?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It's not aimless sarcasm - there's a perfectly valid point being made. If
you don't know what you're talking about, then please leave the thread
alone. It is scary the amount of misinformation that gets posted. And it
begins to make me wonder how well qualified people are to comment on other
issues (eg the stability of Program X, or the "bloatedness of Y", or the
security of "Z".

[To the Original Poster]

d) If you are running Windows XP, go Start -> Run -> msconfig.exe, and check
the "start-up" tab for possible programs that may be run at Start up without
your permission (to test to see if it's automatically starting up, don't
load anything once you've logged on). You can also check the services list
to see if there's anything out of the ordinary there. Otherwise, it may be
helpful to post what you are doing when this behaviour starts.

Lastly, if you think that you've been infected via some kind of remote
exploit, as opposed to installing some malware, (and your AV software etc is
not picking it up), then please reinstall Windows XP, and enable the
Internet Connection Firewall *before* you put this machine onto the 'net.
Then head over to WindowsUpdate (via the link on your start menu), and get
all relevant patches.

There is further useful information on the Microsoft homepage
(www.microsoft.com) - click the link/image that says "Protect your PC in 3
steps".

Cheers
Ken

Microsoft MVP - Windows Server (IIS)

[1]
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-043.asp




:
:
:
:
:
: -- 
:  ------------------------------
: Paul Bennett
: Internet Developer
: Teltest Electronic Design
:  ------------------------------ 
: Email: paul at teltest.com
: Phone: 64 4 237 4557
: Web: http://www.teltest.com
: Wap: http://wap.teltest.com
:
:
: -- 
: * * Please support the community that supports you.  * *
: http://evolt.org/help_support_evolt/
:
: For unsubscribe and other options, including the Tip Harvester
: and archives of thelist go to: http://lists.evolt.org
: Workers of the Web, evolt !
:



More information about the thelist mailing list