Messenger Spam

Yesterday we set up another Windows-based honeypot. Those are fun since the chances are high that you receive first results after a few minutes. A Windows honeypot without any service pack will be compromised in a short amount of time by some kind of autonomously spreading malware. Or you will collect information about scam sites.

Within a couple of minutes after we connected the honeypot to the Internet, the first messenger spam arrived:



It claims that the registry "may be corrupt and needs to be clean immediately" - yeah, on a fresh installation of Windows... Of course, it also offers you the perfect solution for this task: www.refreshxp.com
On that web site, you can download an installer (CWSandbox Analysis), which of course finds some corrupt registry keys and offers to sell you a complete version of the tool.

Comments

  1. lisa says:

    I don't understand, and how do I get rid of it? Someone please help.

  2. Thorsten Holz says:

    Stopping messenger spam is easy. Please follow the advice from Microsoft on "Disabling Messenger Service in Windows XP" (http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx)

