Sneaky new form of online ads pops up

A new breed of pop-up messages is proliferating that can evade ad-blocking programs and may indicate a security risk as well as present a nuisance.

Internet security monitoring firm myNetWatchman says it has seen a five-fold increase in the past month in Windows Messenger Service spam. In fact, the prevalence of such ads is worrying ISP America Online Inc., so it has begun blocking the communications ports the Messenger Service uses in order to protect its members.

"It was a vulnerability, and we have blocked the port used to exploit that hole," says AOL spokesperson Andrew Weinstein.

Now, several companies have figured out a way to ship unsolicited ads in bulk to people through Windows Messenger Service. Through this conduit, the ad delivery services send short text messages to Windows PCs while they are connected to the Internet. It is yet another method of the practice of pushing digital promotions to an unsuspecting PC user.

Accepting text messages through the Windows Messenger Service is enabled by default on Windows 2000, NT, and XP. It is not enabled on Windows 95, 98, and Me. Your Web browser need not be open for your system to get an unwanted commercial missive through the Messenger Service. Receipt does require, however, that the target PC be online.

The new spam technique is the latest attempt to bypass increasingly sophisticated e-mail spam filters and ad-blocking programs. However, users can block such messages by deactivating the Messenger Service or installing a firewall.

Pest or Worse?

"These pop-ups are really nothing more than annoyances," says Lawrence Baldwin, president and founder of myNetWatchman . But he warns that if your PC's security preferences are set low enough to accept the messages, then "it should serve as a (security) wake-up call and a good time to start evaluating the security of your machine."

Baldwin says the Windows Messenger Service software he's reviewed works by trolling the Internet and probing up to 200,000 PCs each hour. The programs are searching for systems with an open Messenger Service communication port so they can receive pop-ups. He warns that a malicious hacker can also use an open port as a back door to gain access to systems.

Baldwin's firm, which monitors some 1400 networks worldwide, estimates 50 million PCs daily receive unsolicited connection attempts from services trying to send Messenger Service pop-ups. Baldwin says he cannot tell what percentage of the ads actually reaches the targeted 50 million PCs.

The fact that a third party can easily gain unauthorized access to Microsoft Corp.'s Messenger Service is a "major security flaw" on Microsoft's part, says another security consultant. Christopher Brandon, president of Brandon Internet Security, says the Messenger Service is a ripe target for malicious hackers. One could send a barrage of messages to one PC, eat up its available memory, and crash the system, he says. The programs that identify open ports for the purpose of sending ads are essentially tricking the PC by impersonating a system administrator, he notes.

Microsoft says that messages sent through the Messenger Service application may be annoying, but denies they pose a security risk. However, Microsoft confirms that users can block the relevant ports so outsiders will not be able to send messages, or use a firewall to block access. The Internet Connection Firewall in Windows XP can block such messages as well.

Who's Sending This Stuff?

Those selling the software that identifies open ports and enables pop-up transmissions maintain that their products are not spam promoters or a security threat when used for their intended purpose.

"The Messenger Service was never intended for advertising," says Brian Codori, chief executive officer of Brain Enterprises. He resells software that enables easy access to the Windows messaging vehicle, as well as mass-probing of PC ports and the capability to broadcast messages.

Codori says the software he sells is intended for system administrators to broadcast messages over a LAN.

"If someone decides to use software I sell for another reason, that's not my responsibility," Codori says. Another firm that sells a software tool that advertisers can use to send Windows Messenger Service pop-ups is Broadcast Advertiser. The company recently acquired the product, Quicksend, from a company of the same name. Marketing material on its Web site boasts the software can "send your advertising message to millions of people instantly!" When Quicksend still marketed the software, an employee who asked not to be identified said most of its customers were companies that maintain--and advertise--adult-content Web sites and 900 numbers.

Pushing Back

Another software program that can be used to identify open ports and send messages is marketed by Direct Advertiser, which has sold more than 200 copies of its application since October, according to Zoltan Kovacs, founder. He says ISPs use his program to send commercial messages, and that nothing is illegal or improper about his company or the software.

Kovacs said he expects to soon sell the company, and acknowledges receiving complaints about its Messenger Service ads.

Security consultant Brandon has filed a complaint with police in Plantation, Florida, where he believes Direct Advertiser is located. Kovacs says his company is based in Romania. A demo copy of the software contains a Plantation, Florida address.

"It's too early to pass judgment whether this technology constitutes a violation of the law," says Detective Steve Parra, with the Plantation, Florida Economic Crime Unit. Parra confirms he is investigating complaints from Brandon and others about Direct Advertiser and its software.

How Effective?

Still, the ads keep coming. One Windows Messenger Service-enabled ad circulating on the Internet is for a university degree program from Kingsfield University in England.

A Kingsfield University representative declines to say what software Kingsfield University uses for its pop-up ads. The spokesperson, Nicholas Norton, the university's head registrar, also declines to comment on the success of its online ad campaign.

Many companies who advertise using ordinary pop-ups stay away from sending ads through the Windows Messenger Service, says the publisher of an online marketing e-newsletter.

"I haven't heard of anyone taking this advertising medium seriously," says Pesach Lattin, Adbumb publisher. The Messenger Service-style ads risk annoying prospective customers as much as enticing them, he notes.

Turn Off the Messenger

Windows Messenger services use NetBios, a standard protocol that enables communication among systems on a network. You can deactivate NetBios in Windows NT and Windows 2000 by a series of commands that block the NetBIOS ports (ports 135-139).

First, go to Start, Settings, Control Panel, Administrative Tools, and Services. Next, select Messenger from the list and right-click; then select Properties. Last, select the Stop button and then Startup Type and finally Disable.

Windows XP users wishing to turn off Windows Messenger service should go to Start, Control Panel, Performance and Maintenance and select Administrative Tools.

Next, follow the same steps as you would with 2000 and select Messenger from the list. Right-click and select Properties. Select the Stop button, choose Startup Type, and then pick Disable.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tom Spring

PC World
Show Comments





Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?