When you think of spam, you normally think about those annoying unsolicited email
messages you receive in your inbox. But there's a new form of spam that's coming your way and you don't need to have an email
account, chat client, or Web browser to receive it. All you need in order to be spammed is Windows XP, 2000, or NT and an
This new form of spam is called messenger spam. Messenger (not to be confused with MSN messenger) is a service that is
loaded by default upon the startup of Windows XP/2000/NT. Microsoft has used the messenger service for a number of years to
send messages between its servers and clients. Here is Microsoft's official description of the messenger service:
Transmits "net send" and Alerter service messages between clients and servers. This service
is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service
is disabled, any services that explicitly depend on it will fail to start.
What is this messenger service and why is it spam? The easiest way to explain it is to show you the ethical and non-ethical
ways of using the messenger service. The ethical use turns the messenger service into a handy tool for system administrators.
They can monitor servers and send out status pop-ups if a problem occurs. See an example by clicking here.
The non-ethical use of the messenger service turns it into an untraceable spam tool. As you can see in this example, the sender has changed the computer name to "VirusScan." This fools the end user into believing it is a message from his
or her antivirus program. The message also refers the user to a website, and as you can probably guess, it's not an antivirus
The problem here is that anyone can send messages though the messenger service, not just system administrators. The command
to send a message is called "net send" and can be executed from the command prompt with the following syntax.
Spammers will automate this process using batch files so that they can send hundreds of messages per hour (see an example).
You're probably saying to yourself, "No one knows my IP address. I'm safe." Not true. You and your hidden messenger service
can easily be detected by running a simple port scan across a range of IP addresses. The messenger service is part of the
Netbios service that runs on TCP port 139. To detect potential targets, the spammer will scan IP addresses with port 139 open.
To demonstrate this, I downloaded an application named SuperScan and scanned 131 IP addresses for the open port 139. Click
here to see a screen shot of my results.
Out of 131 computers, 42 of them were open for attack. Using this method thousands of open IP addresses can be harvested
and spammed per hour.
Stop the spam
Fortunately there is an easy way to protect yourself; you must turn off the messenger service from within XP/2K/NT. Remember,
if you are behind a firewall/corporate network you are most likely safe (as long as port 139 is blocked). Always check with
your system administrator before making any changes to your services.
To turn off the messenger service in XP:
- Click on the Start button and open the control panel.
- Open the Performance and Maintenance control panel and go to Administrative
- Now double-click on Services, then scroll to Messenger.
- Double-click Messenger and click Stop to stop the service.
- Change the startup type to Disable (see an example).
Many times these errors have more to do with the Web servers you're trying to access rather than something being wrong
with your computer. Here is a list of error messages you might encounter while surfing the Web and their respective meanings
to help you figure out just what the problem is.
Use an Internet Firewall
Operating System: Windows XP
Updated: September 9, 2003
Before you connect your computer to the Internet, you should install a firewall. This is a piece of software
or hardware that helps protect your PC against hackers and many computer viruses and worms. If you have the Microsoft Windows®
XP operating system, you can use its built-in Internet Connection Firewall. Using a firewall is the most important first line
of defense for computer security. You should also use Windows Update and antivirus software to help protect your PC.
Important Internet Connection Firewall works by blocking certain types of potentially harmful network
communication. However, it also blocks some useful network communication tasks (for example, sharing files or printers through
a network, transferring files in applications such as instant messaging, or hosting multiplayer games). We highly recommend
that you use a firewall because it helps protect your computer today. If you choose to turn on Internet Connection Firewall
you can come back later for help with unblocking useful network communication tasks. For more information, please refer to
the Frequently Asked Questions About Firewalls.
The steps below tell you how to make sure the Windows XP firewall is turned on. If you have a different
configuration, a home network, a different version of Windows, or if you encounter problems during the steps, see the Frequently Asked Questions about Firewalls.
To turn on the Internet Connection Firewall
- Click Start, and then click Control Panel
- Click Network and Internet Connections, and then click Network Connections.
Click Network and Internet Connections
Note: If the Network and Internet Connections category is not visible, click Switch to Category
View on the upper left of the window.
Switch to Category View
- Under the Dial-Up or LAN or High Speed Internet heading, click the icon to select the connection that you
want to help protect.
- In the task pane on the left, under Network Tasks, click Change settings of this connection. (As a shortcut,
you can right-click the connection you want to help protect, and then click Properties.)
Change connection settings
Alternatively, right-click the connection, and click Properties
- On the Advanced tab, under Internet Connection Firewall, check the box next to Protect my computer and
network by limiting or preventing access to this computer from the Internet.
Check the box to protect your computer and network
After you check the box and close the Properties window, the firewall is turned on. The firewall may interfere
with some network operations such as file and print sharing, networking-related programs, or online games. For more information
about fixing these issues, see the Frequently Asked Questions page listed below.
If you have more than one computer, want more technical information, or just want to learn more about Internet firewalls,
see the Frequently Asked Questions About Firewalls page.