Messenger service “net send” spam is still around
December 1st, 2006Even though the technique is more than four years old and everyone should have some sort of firewall in place or the windows messenger service disabled automatically during the Windows XP SP2 installation the “net send” spam seems to be still around. Some examples of these spam popups can be found on this site. If you have issues with this kind of spam you should really consider updating your system, installing some kind of (personal) firewall or follow these instructions.
I was wondering about UDP packets to port 1026 and 1027 on my firewall so I started to log them with tcpdump – that way I discovered that these were still spam messages. Inspecting the dumps there were quite a few reoccuring IP addresses that tried to deliver their “net send” popup spam crap (see below).