Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: UDP/1030 (continued) SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
UDP/1030 (continued)
In a continuing effort since yesterday, our readers have been providing us with packet captures of UDP/1030 traffic and does in fact confirm the Dshield port utilization increase is attributed to Windows messenger popup spamming attempts.  We are no longer in need of new packet captures.  I repeat, we are no longer in need of packet captures.  We however, have been unable to confirm any case in which this traffic would result in a successful display of messenger popup spam.

All samples provided were of the 'Registry fix, You need our application' spam, and if you regularly look at traffic capture this is will be nothing new.  I am almost to the point where I treat UDP/1025-1030 as universal background noise.
William

39 Posts

Sign Up for Free or Log In to start participating in the conversation!