Sneaky New Form of Online Ads Pops Up
A new breed of pop-up messages is proliferating that can evade ad-blocking programs and may indicate a security risk as well as present a nuisance.
Internet security monitoring firm myNetWatchman says it has seen a five-fold increase in the past month in Windows Messenger Service spam. In fact, the prevalence of such ads is worrying leading ISP America Online, so it has begun blocking the communications ports the Messenger Service uses in order to protect its members.
"It was a vulnerability, and we have blocked the port used to exploit that hole," says AOL spokesperson Andrew Weinstein.
Now, several companies have figured out a way to ship unsolicited ads in
bulk to people through Windows Messenger Service. Through this conduit, the ad
delivery services send short text messages to Windows PCs while they are
connected to the Internet. It is yet another method of the
Accepting text messages through the Windows Messenger Service is enabled by default on Windows 2000, NT, and XP. It is not enabled on Windows 95, 98, and Me. Your Web browser need not be open for your system to get an unwanted commercial missive through the Messenger Service. Receipt does require, however, that the target PC be online.
The new spam technique is the latest attempt to bypass increasingly sophisticated e-mail spam filters and ad-blocking programs. However, users can block such messages by deactivating the Messenger Service or installing a firewall.
"These pop-ups are really nothing more than annoyances," says Lawrence
Baldwin, president and founder of
Baldwin says the Windows Messenger Service software he's reviewed works by trolling the Internet and probing up to 200,000 PCs each hour. The programs are searching for systems with an open Messenger Service communication port so they can receive pop-ups. He warns that a malicious hacker can also use an open port as a back door to gain access to systems.
Baldwin's firm, which monitors some 1400 networks worldwide, estimates 50 million PCs daily receive unsolicited connection attempts from services trying to send Messenger Service pop-ups. Baldwin says he cannot tell what percentage of the ads actually reaches the targeted 50 million PCs.
The fact that a third party can easily gain unauthorized access to Microsoft's Messenger Service is a "major security flaw" on Microsoft's part, says another security consultant. Christopher Brandon, president of Brandon Internet Security, says the Messenger Service is a ripe target for malicious hackers. One could send a barrage of messages to one PC, eat up its available memory, and crash the system, he says. The programs that identify open ports for the purpose of sending ads are essentially tricking the PC by impersonating a system administrator, he notes.
Microsoft says that messages sent through the Messenger Service application may be annoying, but denies they pose a security risk. However, Microsoft confirms that users can block the relevant ports so outsiders will not be able to send messages, or use a firewall to block access. The Internet Connection Firewall in Windows XP can block such messages as well.
Those selling the software that identifies open ports and enables pop-up transmissions maintain that their products are not spam promoters or a security threat when used for their intended purpose.
"The Messenger Service was never intended for advertising," says Brian Codori, chief executive officer of Brain Enterprises. He resells software that enables easy access to the Windows messaging vehicle, as well as mass-probing of PC ports and the capability to broadcast messages.
Codori says the software he sells is intended for system administrators to broadcast messages over a LAN.
"If someone decides to use software I sell for another reason, that's not my responsibility," Codori says.
Another firm that sells a software tool that advertisers can use to send
Windows Messenger Service pop-ups is
Another software program that can be used to identify open ports and
send messages is marketed by
Kovacs said he expects to soon sell the company, and acknowledges receiving complaints about its Messenger Service ads.
Security consultant Brandon has filed a complaint with police in Plantation, Florida, where he believes Direct Advertiser is located. Kovacs says his company is based in Romania. A demo copy of the software contains a Plantation, Florida address.
"It's too early to pass judgment whether this technology constitutes a violation of the law," says Detective Steve Parra, with the Plantation, Florida Economic Crime Unit. Parra confirms he is investigating complaints from Brandon and others about Direct Advertiser and its software.
Still, the ads keep coming. One Windows Messenger Service-enabled ad
circulating on the Internet is for a university degree program from
A Kingsfield University representative declines to say what software Kingsfield University uses for its pop-up ads. The spokesperson, Nicholas Norton, the university's head registrar, also declines to comment on the success of its online ad campaign.
Many companies who advertise using ordinary pop-ups stay away from sending ads through the Windows Messenger Service, says the publisher of an online marketing e-newsletter.
"I haven't heard of anyone taking this advertising medium seriously,"
says Pesach Lattin,
Windows Messenger services use NetBios, a standard protocol that enables communication among systems on a network. You can deactivate NetBios in Windows NT and Windows 2000 by a series of commands that block the NetBIOS ports (ports 135-139).
First, go to
Windows XP users wishing to turn off Windows Messenger service should go
Next, follow the same steps as you would with 2000 and select