"Messenger Service" Spam - End it now...

I claim not athur ship for this info but I've done it and it works

Messenger Service Spam - End It Now!

I had it for myself for a long time, suddenly those grey pop-ups jumped up on my screen and it started with one per day and suddenly more... but this is how to eliminate them.

How Is This Used By Spammers?

Firstly it is worth pointing out that this is NOT a problem related in any way to the Windows Messenger or MSN, clients (as many people seem to believe...)

What the spammers are doing is scanning thousands of IP addresses (the unique number your ISP gives to your PC whilst you are on the Internet) and checking to see if any of the PC's are open on UDP ports 135, 137 and 138 - TCP ports 135, 139 and 445.

When the spammers software detects your PC is running the "Messenger" service on these ports you get sent the Messenger Service Spam..Messenger Service Spam - What Is It...

A new kind of menace is invading the PC's of many home users and it is called "Messenger Service Spam"

You can be sitting at your PC, and as long as you have a connection to the Internet that is active, you might get a box that pops up on your screen asking you to phone a premium rate number, apply for a diploma etc.... Thousands of a Messenger Service Spam popup are being sent by spammers each day.

You do not have any particular software open at the time to be sent one of these spam messages!

How Did The Message Get Here?

Every Windows XP (and 2000) machine has a "service" running behind the scenes called the "Messenger" service. This is a normal part of the operating system that is used by network administrators like myself to send messages to other users on a company network.

For example if I want to ask a user to shut down their PC I could open a command prompt and type the request using the "net send" command. The following image shows the command being sent to a user on my internal network at the IP address 192.168.254.37

http://www.updatexp.com/image-files/netsends1.gif

On the users PC they get the message delivered as a standard Windows dialogue box:

http://www.updatexp.com/image-files/netsendr.gif

As you can see this is a very handy feature for administrating networks! I have been able to accomplish this because the "Messenger" service allows the "net send" function to communicate across networks.

Is This Limited To Net Send Commands?

No... Another function can use the "Messenger" service to communicate across networks and these messages are called "Alerter's". If you have ever received a message from your UPS (Uninterruptible Power Supply) that it has passed a self test, or went onto battery for a moment due to a spike in the power supply - then you have received an "Alerter" message.

How To Stop The Messenger Service Spam

Instructions:
Go to the START menu, Select Run and type in services.msc and click OK.

Scroll down and find the Messenger service, select it, right click it and choose properties.

http://www.updatexp.com/image-files/messengersvc.gif

Under Startup Type select Manual. (or Disabled)

Then click the Stop button.

Then click the Apply button.

Then click the OK button.

Messenger Service Spam can no longer be received on your machine....

However you will now no longer receive legitimate net send or alerter messages either, but for most folk this is not going to be a problem. If you are using a NAT router to access the Internet then you will be immune to these Messenger Service Spam popups as they can only be received by public IP addresses and NOT the private IP addresses that NAT routers use for internal networks.

Likewise if you are using Windows XP Internet Connection Sharing (ICS) only the "gateway" PC should get the Messenger Service Spam popups as the other PC will be getting private IP addresses from the ICS service... (Just in case you are wondering private IP addresses usually look something like: 192.168.xxx.xxx)

Also installing a personal "Firewall" on your PC will offer you protection too!

Conclusion...

Why Spammers have waited until now to start inflicting Messenger Service Spam on the world is a mystery as this capability has been there since the release of Windows NT!

As at the time of writing this article there are no "known" security defects with the Messenger service, its just that Microsoft have enabled this service by default and so millions of users are potential recipients of these Messenger Service Spam pop ups...

Perhaps this is yet ANOTHER example of why Microsoft should not be enabling unnecessary services and ports on its operating systems!

If you are a home user then you DO NOT really need this service running so turn it off today... However, the best solution is to implement a Firewall and block the specific ports used by Net Send, but this is not for the novice user to try!

This post is intended for the novice user of Windows XP who is unfamiliar with Firewalls and needs an easy and robust solution to the Messenger Service Spam issue... If you would like more in-depth information on this issue then PLEASE read the following article as it contains information on the Messenger Service, XP SP1 and UniCast messaging: http://support.microsoft.com/?id=330904

But you see, Microsoft likes those hidden, opened, "unused" ports. Go ahead, enable automatic updates. And wouldn't an XP service like letting another computer walk you through using yours be helpful? Microsoft is only looking out for your best interests... really. Trust them... they wouldn't do anything wrong... :rolleyes:

Not to get to off topic but are you an employ of Micro. I read somewhere and have tested a myth that MS word or Work these has hidden message not to sure what they are a friend of mine has the artical and with me moveing soon I know I wont be exact on that info however if you type in "kill all fags" you get "death by behading", "Will MS. rule the world" you get "hopefuly soon" and thats not where my distrust for MS. come from but that aside there are users who should take the resoiblity and go to www.mircosoft.com and update there computers them selfs keep in mind they are just guides there for the benift of our users and they where posted with there best intrest in mind they dont have to use the guids however I'd recomend useing restore points just in case.

Good ole fixes for newcomers :) Gotta love it when they get those messages and panic like crazy hahaha

It's been a problem since day one of Windows XP. And well, for some odd reason, Microsoft doesn't want to disable the service, instead leave it running, and having vulnerable people be attacked by these spam messages.
I've read on the MCSE forums that the problem wouldn't be solved because those ports were reserved for some type of later function. Although they didn't specify what. I would go along with Phoenix and just disable it, afterall that's what I had done 3 years ago... :)

Its MSs way to make sure you dont make an OS thats better then theres its like the way the keep firefox down

Yea, but most of the IT students this day "including me" are changing to open source. I haven't worked extensively on a Unix environment, since my program focuses on Microsoft products. But the power of Open Source and it's ever growing popularity can't be stopped.

Ever see the ep where Bill Gates and two of his goones trash Homers set up thats what happens

Yea, that was funny at the time, haha. But whatever, I'm not complaining, everything I want from Microsoft, I get free, and legally licensed. :) Benefits from being in their learning strategy and being an MCP :)