Company charged with using Windows to spam pop-up ads

The U.S. Federal Trade Commission (FTC) has filed suit against a company that allegedly exploited a vulnerability in Microsoft's Windows system by using a feature intended for administrative alerts to barrage users with pop-up ads.

The tactic involved the Windows Messenger Service, a software feature distinct from Microsoft's similarly named MSN Messenger and Windows Messenger instant-messaging applications. The Messenger Service is part of the Windows XP and Windows 2000 operating systems, and allows network administrators to send messages to users, such as notifications about the status of print jobs.

The feature proved problematic as external parties figured out how hijack the Messenger Service and use it to send unsolicited information like ads to Internet-connected computers. The company targeted by the FTC, San Diego-based D Squared Solutions, used Messenger Service to flash ads touting its pop-up blocking software, which it sold for US$25 to $30, according to the FTC's complaint.

Because D Squared created a problem specifically so it could sell a solution to the problem, its business model boiled down to, "I'll beat you and I'll stop beating you if you pay," said FTC Bureau of Consumer Protection Director Howard Beales during a press conference on Thursday. "We call that extortion, and it's not any different in the high-tech world," Beales said.

The FTC filed a sealed complaint against D Squared on Oct. 30 in the U.S. District Court for the Northern District of Maryland, which granted a temporary restraining order against D Squared. The complaint was unsealed Wednesday. It charges D Squared and two of its officers with unfair use of Windows Messenger Service and with unfair attempts to coerce consumers into purchasing D Squared's software.

Those officers could not be reached for comment.

The FTC seeks to prevent D Squared from advertising through Windows Messenger Service, and to bar it from selling to others the software it developed to take advantage of the service. The FTC also seeks to recover all of D Squared's revenue from its exploit. Beales said the FTC is still determining how much D Squared took in, but he estimated the total at several hundred thousand dollars.

Microsoft has already taken steps to address the unintended spam side-effects of its Windows Messenger Service. The company advises home users to disable the feature, and both Microsoft and the FTC have instructions posted on their Web sites on how to turn it off, at http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp and http://www.ftc.gov/bcp/conline/pubs/alerts/popalrt.htm. In an upcoming service pack, Microsoft plans to disable by default the Windows Messenger Service and to activate firewall software that can protect users from third-party intrusions on their system.

The FTC's Beales did not chastise Microsoft for the software vulnerability. When the problem arose, Microsoft responded appropriately by advising customers on how to fix it, he said. Beales encouraged consumers with broadband Internet connections to stay alert for software updates and patches, and to install hardware or software firewalls to help protect against attacks.

America Online (AOL) also took steps to address the Windows Messenger Service loophole, using a recent update of its software to disable the Windows feature on its subscribers' computers. One consumer targeted by D Squared turned to AOL for help in solving the problem after she grew frustrated by an onslaught of D Squared's ads.

"I was receiving these pop-up messages very frequently. At one point it seemed like they were appearing almost every 10 minutes on my screen," said Karen McKechnie, of Annandale, Virginia, during the FTC's press conference. She filed a complaint with the FTC and called AOL, which helped her disable the messaging service.

"My concern is that this should not be allowed. The people who are sending these messages are infringing on my rights and everyone else's rights to use your computer," McKechnie said.

Because the Messenger Service spam problem only affects Internet-connected computers running specific versions of Windows without a firewall, it wasn't as widespread an issue as other unsolicited advertising gluts, like e-mail spam. Still, at least one other company had licensed D Squared's software and used it to send ads, Beales said, indicating that further FTC actions could be forthcoming.

"We can't comment on investigations, but I would think that anybody that was using this (advertising) technology should pay attention today," he said. "What consumers ought to do now that they understand the problem is fix it. It's not hard to turn off."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stacy Cowley

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?