Sneaky New Form of Online Ads Pops Up

A new breed of pop-up messages is proliferating that can evade ad-blocking programs and may indicate a security risk as well as present a nuisance.

Internet security monitoring firm myNetWatchman says it has seen a five-fold increase in the past month in Windows Messenger Service spam. In fact, the prevalence of such ads is worrying leading ISP America Online, so it has begun blocking the communications ports the Messenger Service uses in order to protect its members.

"It was a vulnerability, and we have blocked the port used to exploit that hole," says AOL spokesperson Andrew Weinstein.

Now, several companies have figured out a way to ship unsolicited ads in bulk to people through Windows Messenger Service. Through this conduit, the ad delivery services send short text messages to Windows PCs while they are connected to the Internet. It is yet another method of the practice of pushing digital promotions to an unsuspecting PC user.

Accepting text messages through the Windows Messenger Service is enabled by default on Windows 2000, NT, and XP. It is not enabled on Windows 95, 98, and Me. Your Web browser need not be open for your system to get an unwanted commercial missive through the Messenger Service. Receipt does require, however, that the target PC be online.

The new spam technique is the latest attempt to bypass increasingly sophisticated e-mail spam filters and ad-blocking programs. However, users can block such messages by deactivating the Messenger Service or installing a firewall.

"These pop-ups are really nothing more than annoyances," says Lawrence Baldwin, president and founder of myNetWatchman . But he warns that if your PC's security preferences are set low enough to accept the messages, then "it should serve as a (security) wake-up call and a good time to start evaluating the security of your machine."

Baldwin says the Windows Messenger Service software he's reviewed works by trolling the Internet and probing up to 200,000 PCs each hour. The programs are searching for systems with an open Messenger Service communication port so they can receive pop-ups. He warns that a malicious hacker can also use an open port as a back door to gain access to systems.

Baldwin's firm, which monitors some 1400 networks worldwide, estimates 50 million PCs daily receive unsolicited connection attempts from services trying to send Messenger Service pop-ups. Baldwin says he cannot tell what percentage of the ads actually reaches the targeted 50 million PCs.

The fact that a third party can easily gain unauthorized access to Microsoft's Messenger Service is a "major security flaw" on Microsoft's part, says another security consultant. Christopher Brandon, president of Brandon Internet Security, says the Messenger Service is a ripe target for malicious hackers. One could send a barrage of messages to one PC, eat up its available memory, and crash the system, he says. The programs that identify open ports for the purpose of sending ads are essentially tricking the PC by impersonating a system administrator, he notes.

Microsoft says that messages sent through the Messenger Service application may be annoying, but denies they pose a security risk. However, Microsoft confirms that users can block the relevant ports so outsiders will not be able to send messages, or use a firewall to block access. The Internet Connection Firewall in Windows XP can block such messages as well.

Those selling the software that identifies open ports and enables pop-up transmissions maintain that their products are not spam promoters or a security threat when used for their intended purpose.

"The Messenger Service was never intended for advertising," says Brian Codori, chief executive officer of Brain Enterprises. He resells software that enables easy access to the Windows messaging vehicle, as well as mass-probing of PC ports and the capability to broadcast messages.

Codori says the software he sells is intended for system administrators to broadcast messages over a LAN.

"If someone decides to use software I sell for another reason, that's not my responsibility," Codori says.

Another firm that sells a software tool that advertisers can use to send Windows Messenger Service pop-ups is Broadcast Advertiser. The company recently acquired the product, Quicksend, from a company of the same name. Marketing material on its Web site boasts the software can "send your advertising message to millions of people instantly!" When Quicksend still marketed the software, an employee who asked not to be identified said most of its customers were companies that maintain--and advertise--adult-content Web sites and 900 numbers.

Another software program that can be used to identify open ports and send messages is marketed by Direct Advertiser, which has sold more than 200 copies of its application since October, according to Zoltan Kovacs, founder. He says ISPs use his program to send commercial messages, and that nothing is illegal or improper about his company or the software.

Kovacs said he expects to soon sell the company, and acknowledges receiving complaints about its Messenger Service ads.

Security consultant Brandon has filed a complaint with police in Plantation, Florida, where he believes Direct Advertiser is located. Kovacs says his company is based in Romania. A demo copy of the software contains a Plantation, Florida address.

"It's too early to pass judgment whether this technology constitutes a violation of the law," says Detective Steve Parra, with the Plantation, Florida Economic Crime Unit. Parra confirms he is investigating complaints from Brandon and others about Direct Advertiser and its software.

Still, the ads keep coming. One Windows Messenger Service-enabled ad circulating on the Internet is for a university degree program from Kingsfield University in England.

A Kingsfield University representative declines to say what software Kingsfield University uses for its pop-up ads. The spokesperson, Nicholas Norton, the university's head registrar, also declines to comment on the success of its online ad campaign.

Many companies who advertise using ordinary pop-ups stay away from sending ads through the Windows Messenger Service, says the publisher of an online marketing e-newsletter.

"I haven't heard of anyone taking this advertising medium seriously," says Pesach Lattin, Adbumb publisher. The Messenger Service-style ads risk annoying prospective customers as much as enticing them, he notes.

Windows Messenger services use NetBios, a standard protocol that enables communication among systems on a network. You can deactivate NetBios in Windows NT and Windows 2000 by a series of commands that block the NetBIOS ports (ports 135-139).

First, go to Start, Settings, Control Panel, Administrative Tools, and Services. Next, select Messenger from the list and right-click; then select Properties. Last, select the Stop button and then Startup Type and finally Disable.

Windows XP users wishing to turn off Windows Messenger service should go to Start, Control Panel, Performance and Maintenance and select Administrative Tools.

Next, follow the same steps as you would with 2000 and select Messenger from the list. Right-click and select Properties. Select the Stop button, choose Startup Type, and then pick Disable.