Remote Activation of Pop-Up Advertisements

Jim Baltimore

I recently experienced the pop-up advertisements, which
should hopefully soon be designated as illegal SPAM. I
also read the posts, but after trying to excise
the "demon" myself. Now I do not know as to how accurate
my solution has been, and if I am wrong, could someone
point me in the right direction?

What I did was to simply change the Default
Profile/Object and password, and then change the service
activations for those services which allowed remote
access. I was thinking that the remote "alert" was being
created because the default profile is the same out of
the box. If this was true, then it could be possible to
automate a remote call to send a message as the default
administrator for whichever service. So by changing the
account profile, should that not disable the pop-ups? I
understand that firewalls are more efficient in
protecting multiple ports, but wouldn't simply changing
all default profiles help to deter remote access to a
system or network?

If anyone might have any experience with what I am trying
to describe, I would greatly appreciate any input.

Jim
 
If you are receiving pop-ups on your PC, this means anyone has access to your
PC from the Internet. You should use a personal firewall. Any personal
firewall is better than none.

Changing your profile and setting a password won't solve the pop-up problem. I
don't need any username and password to send them to you. All I need is
an unprotected PC on the internet (PC without firewall)...

Read and follow the instructions in the article
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
 
Okay, maybe I am not making myself clear enough. I DO
have security which includes both hardware and software
protection/intrusion. I heard about the pop-ups, and
wanted to see exactly what all the complaints were
about. I took a PC and connected it directly to the
Internet via my ISP. I know exactly what ports are
exposed, who is sending the pop-ups, what systems are
trying to access my PC, and am generating a log file of
all traffic. So I already understand about security.

You have suggested that a firewall would be easier, but
the question is, "How exactly are they gaining access to
the system?" I am looking for technical information, and
am only trying to identify how the intrusion is occurring
upon this system. While I appreciate the previous
suggestions, I am trying to verify what I believe is the
cause.

If anyone knows exactly how access is occurring, and can
provide sufficient information to allow me to duplicate
it in-house, I would be appreciative.

Jim
 
Jim Baltimore said:
Okay, maybe I am not making myself clear enough. I DO
have security which includes both hardware and software
protection/intrusion. I heard about the pop-ups, and
wanted to see exactly what all the complaints were
about. I took a PC and connected it directly to the
Internet via my ISP. I know exactly what ports are
exposed, who is sending the pop-ups, what systems are
trying to access my PC, and am generating a log file of
all traffic. So I already understand about security.

You have suggested that a firewall would be easier, but
the question is, "How exactly are they gaining access to
the system?" I am looking for technical information, and
am only trying to identify how the intrusion is occurring
upon this system. While I appreciate the previous
suggestions, I am trying to verify what I believe is the
cause.

If anyone knows exactly how access is occurring, and can
provide sufficient information to allow me to duplicate
it in-house, I would be appreciative.

Recreate Messenger Service Spam at home!

Open a command prompt..

Type in :

net send 127.0.0.1 This is a Messenger Popup

DONE.

They are taking advantage of your open ports (135-139 and 445 I think) and
the fact that Net Send allows one to send a message to a computer if they
know the IP and those ports are open.

If it is the other type of popups, they are taking advantage of code that
allows them to open a new browser. Very simple to do.

They gain access by trying IPs they can get from MANY different means. Once
they know the range of IPs from a particular ISP, they could easily script a
BATCH file to flood all of the IPs with Messenger Service spam.

This is why we answered like we did. Everyone KNOWS how they are doing it.
The only way to stop it is to block your ports (for messenger service spam)
by turning them off (closing them) or better yet - through a well configured
firewall (simpler for most.) As for the other type of spam, you need to get
software that prevents new windows from being opened by any automatic means
without your permission. That is all popup stoppers do.

Which part are you trying to figure out? heh
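
For readers who, like the thread starter, keep a log of all traffic: the following is an added example, not part of any post in this thread. It summarizes inbound packets aimed at the ports named in the reply above (135-139 and 445) and lists sources whose packets were not dropped. The log layout (space-separated rows under a `#Fields:` header), the sample rows and the function names are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Ports named in the reply above (135-139 and 445).
WATCHED_PORTS = set(range(135, 140)) | {445}

# Constructed sample log; addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2003-10-02 09:14:01 DROP UDP 198.51.100.7 192.0.2.10 4021 135 412
2003-10-02 09:14:03 DROP UDP 198.51.100.7 192.0.2.10 4022 135 412
2003-10-02 09:15:40 OPEN TCP 203.0.113.55 192.0.2.10 1188 445 -
2003-10-02 09:16:12 DROP TCP 203.0.113.9 192.0.2.10 3310 80 48
2003-10-02 09:17:30 DROP UDP 198.51.100.7 192.0.2.10 4023 137 78
2003-10-02 09:18:02 OPEN TCP 192.0.2.10 203.0.113.80 1201 80 -
"""

def summarize(log_text, local_ip):
    """Return {src_ip: {"ports": set, "dropped": n, "allowed": n}} for
    inbound packets aimed at WATCHED_PORTS on local_ip."""
    fields = []
    hits = defaultdict(lambda: {"ports": set(), "dropped": 0, "allowed": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            port = int(row["dst-port"])
        except (KeyError, ValueError):  # rows without a numeric port, or malformed
            continue
        if row.get("dst-ip") != local_ip or port not in WATCHED_PORTS:
            continue
        entry = hits[row["src-ip"]]
        entry["ports"].add(port)
        # Any action other than DROP is counted as allowed (an assumption).
        entry["dropped" if row.get("action") == "DROP" else "allowed"] += 1
    return dict(hits)

def exposed_sources(summary):
    """Sources that got at least one packet through: the ports are not closed."""
    return sorted(ip for ip, e in summary.items() if e["allowed"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, "192.0.2.10")
    for ip, e in sorted(report.items()):
        print(ip, sorted(e["ports"]), "dropped:", e["dropped"], "allowed:", e["allowed"])
    print("not blocked:", exposed_sources(report))
```

An empty result from `exposed_sources` means every logged packet to those ports was dropped, which is the state the replies in this thread recommend reaching with a firewall.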
 