Heelp, Net send

GenghisK

GenghisK

...
Joined
Mar 13, 2001
Messages
4,123
Location
Far from the 2 idiot posters in FPT
Well, normally on NT/2K, the net send function can only use the message service of microsoft windows to send messages through LAN, right?
Yesterday I received a popup message from that MS service originating from... the net! It was of course a spam ad, but well now it seems to be a new kind of spam, after email spam. How can they do that? My question is does it exist such a tool, a Netsend that works even over the internet (using IP addressing then), and not only over LAN (using computer nickname)?

It seems very strange but the message type is exactly the netsend message.
 
can you give a screen capture of it? Without seeeing it I would guess that you either executed a program that was in the email or you have a trojan on your computer. There should be no way for the comman net to be used outside of your domain (so, maybe it is someone on the same domain of your DSL ISP!!). Fry the bastard. ;)

Do, net view and see if you see other people on your domain. Do net send /domain to send a message to the whole domain and net send computer_name to send to a particular computer. (there is a space between the send and computer_name
 
was it an actual DOS window or was it a Windows Window made to look like a DOS window?
 
Oh, I just love this language barrier.

If you are not willing to take the time to send a screen shot, I am not going to help you, French Fry!!! :p
 
A windows that would look that way :p
Not that hard to understand. Plus, my initial question was if anybody knew a (freeware) equivalent of netsend but over the Internet. Not hard to answer ;)
 

Attachments

  • image2.jpg
    image2.jpg
    11.3 KB · Views: 192
"there's only ine dumb horse left..."
:lol:
 
What does the Task Manager show when this is up? Couldn't it be a pop-up masquerading as a Net Send? But they couldn't disquise the process.
 
What firewall are you running? Log traffic to port 139 (NetBIOS) from the internet. This should not be getting through. There are online port scanners that you can direct back to yourself to see that you are really protected properly. The reason something like net send is only expected from the local network is that the MS networking are generally locked down from the internet. However, it's just IP traffic, and will pass across the internet freely. If you're open to this, you may be vulnerable to other attacks also. To alleviate this particular symptom, you can disable the Windows Messenger Service. Do this in the Services Control Panel.
 
Found it! at last!!
http://www.itsecure.com.au/news/story.htm?StoryID=254
Here's an article that speaks about direct advertiser, the program they use. Read it, it's frtightening. Using a backdoor in netbios and it simulates a net send over internet. SO I was right, it was really a net send but its functionnality was hijacked by those damn spammers... :mad:

Btw, http://www.directadvertiser.com/ is the homepage of that software, $700!!! Expensive but well, the spammers bastards will always afford it, grrr.
 
I see they use port 135 - tricky. I would still recommend locking down ALL MS ports from the internet. I prefer locking ALL ports other than what I know I want to use, which from home is nothing as I don't run any local servers. Basically, default to block all traffic and then work forwards from there allowing only what you know you want to be initiated from the public.
 
You must log in or register to reply here.

Similar threads

Miniskirt
Warning about not being allowed to post "spam"
Replies
5
Views
800
Miniskirt
Miniskirt
N
[CTP] How to set up multiplayer via IPX on Civilization: Call to Power and Call to Power II
Replies
0
Views
148
ninjaboy42099
N
Z
Cloud Game - Live Tuner - Re-assigning player
Replies
1
Views
670
Zephn
Z
A
  • Locked
New BETA Version – 4.18.4 (January 21, 2025)
6 7 8
Replies
156
Views
27K
Recursive
Recursive
LilBudyWizer
Execution Model
Replies
0
Views
207
LilBudyWizer
LilBudyWizer
Back
Top Bottom