Copyright 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

This is a type of spam that generates pop-up windows using the Messenger Service that is an integral part of Windows.

Do NOT confuse the above with the chat programmes Windows Messenger or MSN Messenger - they are different. The spammers are using something called Windows Messenger *Service*, which is technically described as a Remote Procedure Call (RPC) Service.

If you use a firewall such as ZoneAlarm, you should not be bothered by the new type of spam. You may notice an increase in probes against 'NETBIOS', which could indicate that attempts to send the new type of spam are occurring. Use the programme ZoneLog to analyse and report the probes to the relevant ISP. ZoneLog is available at http://zonelog.co.uk/ .

Other firewalls will also block such spam if set up properly, but I don't know of supporter programmes for other firewalls that make it as easy to analyse, trace and report the new type of spammer.
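
For a firewall without a companion analysis tool, a short script can tally blocked NetBIOS and RPC probes per source address before they are reported to the relevant ISP. This is an added example, not part of the original page or of ZoneLog; the comma-separated log layout, the `FWIN` action code, the sample lines and the watched port set are all assumptions.

```python
import csv
from collections import Counter

# Assumed port set: 135 = RPC endpoint mapper, 137-139 = NetBIOS
# name/datagram/session services. Adjust to what your firewall reports.
WATCHED_PORTS = {135, 137, 138, 139}

# Constructed sample lines in an assumed layout (not any product's real log):
# action,date,time,source ip:port,destination ip:port,protocol
SAMPLE_LOG = """\
FWIN,2004/08/06,10:15:32,203.0.113.5:32812,192.0.2.10:135,UDP
FWIN,2004/08/06,10:15:40,203.0.113.5:32813,192.0.2.10:137,UDP
FWIN,2004/08/06,10:16:02,198.51.100.77:4021,192.0.2.10:139,TCP
FWIN,2004/08/06,10:17:11,198.51.100.77:4022,192.0.2.10:80,TCP
FWOUT,2004/08/06,10:18:00,192.0.2.10:1050,203.0.113.5:137,UDP
garbage line without enough fields
FWIN,2004/08/06,10:19:45,203.0.113.5:32900,192.0.2.10:135,UDP
"""

def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port); port is None if missing or invalid."""
    ip, _, port = endpoint.rpartition(":")
    if not ip or not port.isdigit():
        return endpoint, None
    return ip, int(port)

def summarise_probes(log_text, ports=WATCHED_PORTS):
    """Count blocked inbound probes to watched ports, grouped by source IP."""
    per_source = Counter()
    first_last = {}  # source IP -> (first seen, last seen) timestamps
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 6 or row[0] != "FWIN":
            continue  # skip malformed lines and anything not blocked inbound
        src_ip, _ = split_endpoint(row[3])
        _, dst_port = split_endpoint(row[4])
        if dst_port not in ports:
            continue
        per_source[src_ip] += 1
        stamp = f"{row[1]} {row[2]}"
        first, _ = first_last.get(src_ip, (stamp, stamp))
        first_last[src_ip] = (first, stamp)
    return [(ip, n, *first_last[ip]) for ip, n in per_source.most_common()]

if __name__ == "__main__":
    for ip, count, first, last in summarise_probes(SAMPLE_LOG):
        print(f"{ip}: {count} probes, first {first}, last {last}")
```

The per-source count with first and last timestamps is the minimum an ISP abuse desk needs to match a report against its own records.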

 

It is possible to disable the Messenger Service, but to do so may have a bad effect on programmes that depend on Messenger Service to work properly, including Outlook, Exchange Server, SBS, and various internal Windows processes. It should be sufficient for the average computer user to run a firewall to stop the spammers getting these ads into your computer. XP's inbuilt firewall is NOT enough; it only blocks incoming data. You need to control outgoing data as well (spyware may try to 'phone home', trojans may try to transmit data etc). I prefer the programme ZoneAlarm (I use the Professional version and consider it well worth the money).

STOP PRESS ... The yet-to-be-released XP SP2 will disable Messenger Service and Alerter Service by default. XP SP2 will also enable the firewall by default on *all* connections.

Update 6 August 2004 - not long to go now until XP SP2 is released.  It will be available via Windows Update, or can be ordered on CD.  The URL for ordering XP SP2 is:

http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default810.mspx

 

Some sites that discuss the Netbios spam problem, and various fixes, are noted below:

 

http://www.jmu.edu/computing/security/info/winmsg.shtml

http://www.mynetwatchman.com/kb/security/articles/popupspam/index.htm

 

Disabling Messenger Service (see the section "RPC Services")

http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html