I can’t believe some of the crap that is still floating around the web.

A series of cable modems from Shaw Cable in Calgary have been wailing away on one of my home networks with MSRPC popup messages, to no avail. The attack is basically a request to show a popup message dialog on the user’s display. Although these alerts are often used for legitimate purposes, they are increasingly used to deliver SPAM, or at least they were at one point. Um, if the responsible party HAPPENS to be reading this (fat chance)…give it up.

Then again, it is little more than an annoyance to me. But the folks at Shaw Cable Calgary might want to have a look at this spam-ish attack.

Sample message:

CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED…To FIX this problem:.Open Internet Explorer and type: www…..(URL removed)

Uh sure. Lemme get right on that.

Here is a sampling of the offending IP addresses.

24.64.16.108
24.64.176.121
24.64.253.157
24.64.101.183
24.64.123.17
24.64.118.131

…and so on. There are hundreds more.

Reference:

OrgName: Shaw Communications Inc.
OrgID: SHAWC
Address: Suite 800
Address: 630 – 3rd Ave. SW
City: Calgary
StateProv: AB
PostalCode: T2P-4L4
Country: CA

ReferralServer: rwhois://rs1so.cg.shawcable.net:4321

NetRange: 24.64.0.0 – 24.71.255.255
CIDR: 24.64.0.0/13
NetName: SHAW-COMM
NetHandle: NET-24-64-0-0-1
Parent: NET-24-0-0-0-0
NetType: Direct Allocation
NameServer: NS7.NO.CG.SHAWCABLE.NET
NameServer: NS8.SO.CG.SHAWCABLE.NET
Comment:
RegDate: 1996-06-03
Updated: 2006-02-08
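As an added, defender-side example (this is not the author’s code and is not from the post): a small Python triage script that parses constructed iptables-style firewall drop lines, keeps only inbound UDP aimed at the ports the Windows Messenger service listened on, counts attempts per claimed source, and checks each source against the 24.64.0.0/13 allocation from the ARIN record above. The port set (135, 137, 138) and the log format are assumptions, as is the extra 203.0.113.99 line, which is there to show a source that falls outside the allocation. Because the source address is read from a UDP datagram, the script reports it as claimed, not verified.

```python
"""Triage inbound Messenger-service popup spam from firewall drop logs.

Added example for this post; not the author's code. The log lines are
constructed (documentation-range addresses plus the source IPs listed in the
post); the CIDR is the ARIN allocation quoted in the post. The port numbers are
an assumption about what the Windows Messenger service listened on.
"""
import ipaddress
import re
from collections import defaultdict

SHAW_NET = ipaddress.ip_network("24.64.0.0/13")  # CIDR from the ARIN record above
MESSENGER_UDP_PORTS = {135, 137, 138}             # assumption: RPC/NetBIOS listeners

# Constructed sample records in iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: DROP IN=eth0 OUT= SRC=24.64.16.108 DST=192.0.2.10 LEN=1000 PROTO=UDP SPT=1045 DPT=135 LEN=980
Jan 10 03:12:04 gw kernel: DROP IN=eth0 OUT= SRC=24.64.176.121 DST=192.0.2.10 LEN=1000 PROTO=UDP SPT=1045 DPT=135 LEN=980
Jan 10 03:12:06 gw kernel: DROP IN=eth0 OUT= SRC=24.64.253.157 DST=192.0.2.10 LEN=1000 PROTO=UDP SPT=1045 DPT=138 LEN=980
Jan 10 03:12:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44021 DPT=22
Jan 10 03:12:11 gw kernel: DROP IN=eth0 OUT= SRC=24.64.16.108 DST=192.0.2.10 LEN=1000 PROTO=UDP SPT=1045 DPT=135 LEN=980
Jan 10 03:12:13 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=1000 PROTO=UDP SPT=1045 DPT=135 LEN=980
Jan 10 03:12:15 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=500 PROTO=UDP SPT=53 DPT=33435
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return the SRC/DST/PROTO/DPT fields of one drop line, or None if any is missing."""
    fields = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
        return None
    return {
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields["PROTO"].upper(),
        "dpt": int(fields["DPT"]),
    }


def popup_attempts(log_text):
    """Yield parsed records for inbound UDP aimed at the Messenger service ports."""
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec and rec["proto"] == "UDP" and rec["dpt"] in MESSENGER_UDP_PORTS:
            yield rec


def summarize(log_text, allocation=SHAW_NET):
    """Count attempts per claimed source and note whether it sits in the ISP allocation.

    The source field comes from a UDP datagram and is unverified: a count here
    says who the packets claim to be from, not who actually sent them.
    """
    summary = defaultdict(lambda: {"hits": 0, "ports": set(), "in_allocation": False})
    for rec in popup_attempts(log_text):
        entry = summary[rec["src"]]
        entry["hits"] += 1
        entry["ports"].add(rec["dpt"])
        entry["in_allocation"] = ipaddress.ip_address(rec["src"]) in allocation
    return dict(summary)


def abuse_report_lines(summary):
    """Render the summary as text lines for an abuse mailbox, busiest source first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [
        f"{src:<16} hits={entry['hits']:<4} "
        f"ports={','.join(str(p) for p in sorted(entry['ports']))} "
        f"{'in-allocation' if entry['in_allocation'] else 'OUTSIDE-allocation'}"
        for src, entry in rows
    ]


if __name__ == "__main__":
    for line in abuse_report_lines(summarize(SAMPLE_LOG)):
        print(line)
```

The report lines are what you would attach when writing to the ISP’s abuse contact, with the OUTSIDE-allocation marker flagging sources that cannot be that provider’s customers at all. On the receiving side, the lasting fix is to drop inbound UDP to these ports at the border and to leave the Messenger service disabled on hosts that do not need it.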


Comments

  1. The Shaw connections are probably not what’s being used as the source of the attack. MSRPC is UDP-based, meaning that there’s no connection built to deliver the message. Because of this, the attacker can spoof the source address and make it look like whatever source IP he/she wants.

    My question to you would be: how is inbound UDP getting through your firewall?

    http://www.mynetwatchman.com/kb/security/articles/popupspam/netsend.htm has a basic analysis of the problem.

    – joat

  2. Also, given the content you described, the source is probably one or more infected boxes, within your service provider’s network.

    – joat

  3. Hi dave..
    Just letting you know, you are not alone. I have had “shaw cable” battering my firewall for 4 years now, every 3 minutes of the day, every day of the year.
