RQdN Home > Computers > Messenger Spam Find Related Books

Learn How to Block Messenger Spam


    This article covers, the following:
     
  1. Introduction - You're angry and rightly so!  
  2. Messenger Spam - How did the Messenger spam find me?  
  3. Messenger Spam - How does Messenger spam work?  
  4. Messenger Spam - How do I block those annoying webpopup advertisements?  
  5. Your Computer - I made the suggested changes, now what?  
  6. Your Computer - Undoing changes you made to your computer system.
  7. More Information - A few webpages with more information regarding the above.




sample university diploma webpopup spam advertisement
 Sample Spam Advertisement

     You're angry! So much so, that you decided to search out a solution to stop those annoying webpopup advertisements (you don't need a university diploma anyway). You have a right to be angry! Rest assured, you're not alone. You join the millions who have also been victimized by this form of spam advertisements. Below, we will show you how to stop these webpopups forever. It's simple, and if you're technology savvy you'll be surprised at just how easy it is to stop these webpopups advertisements. For the purposes of this article, we have dubbed this new form of spam the "WEBPOPUP" after the individual(s) who use that particular user name to spam millions of unsuspecting internet users. However, it makes no difference if you are accessing the world wide web or just idling online, you're still vulnerable to the webpopup advertisements. Some have also dubbed this "Messenger Spam." By any name, they're pure evil and annoying.

     First, you should learn how the spammers were able to get past your firewall and system settings in order to prevent it in the future. Just when you thought your computer system was bullet proof, along comes a webpopup advertisement. This new form of spamming IS NOT a pop-up ad of the kind we are all used to. Pop-up ads of old used your internet browser to open a second window to either pop-over or pop-under your current open internet browser window. These new webpopup advertisements come not in your internet browser's window, but rather through your computer system's messaging system.

     Even more frightening than being bothered by webpopup spam, is the fact that unscrupulous individuals can develop viruses and worms that might incorporate this process in an attempt to manipulate it and maliciously cause damage to your computer.




prevent webpopup spam advertisement
 Sample "Net Send" Message

     How did the Messenger spam find me? In order to send the webpopup ad to you, the spammers had to find your computer. How did they do this? Easy. Each time you log onto the internet, whether by dial-up, DSL, or corporate network, you are assigned a unique IP address upon connection. This IP address consists of four banks of numbers each from 0 to 255 separated by periods, e.g. 205.13.126.55. A spammer can conduct a search between the numbers in order to send its webpopup ad. For example, they can search for all active computers between the IP addresses of 205.13.126.0 and 205.13.126.255. For each active computer it finds between those addresses, they stop, get your computer's name by a process called a NetBIOS request (usually through the open port of 139), and once obtained they invoke a Remote Procedure Call (RPC) on your computer which graciously activates the webpopup advertisement and interupts whatever you are doing. Spammers can target individual companies, ISP's, and even countries for their webpopup advertisements. One certain company (name and URL excluded for obvious reasons) has been selling software (which retails for $699.99) to simplify this method of "search and spam." This software is said to be capable of sending, at a minimum, 5,000 pieces of spam per hour (that's over one webpopup ad per second). Copycat and bootleg software is said to increase that twenty-fold and is capable of sending over 130,000 webpopup advertisements per hour (over 35 per second). What these clever bits of webpopup software do is unique, normally it would locate your computer (NetBIOS) through the open port of 139. Once this is determined, the software routes the spam message to your computer's port 135 for delivery via a Remote Procedure Call (RPC). However, if the user has their NetBIOS turned off (port 139 blocked), the software simply reroutes or defaults to port 135 to deliver its payload of spam. You're damned if you do, and you're damned if you don't ... either way you're getting spammed. Certain instances of this process of webpopup "search and spam" has been deemed by the Federal Trade Commission (FTC) to be an "unfair and deceptive practice" in violation of 15 U.S.C. § 45(a). One such complaint filed by the FTC can be found below.

prevent webpopup spam advertisement
Sample Webpopup Software




     How does the Messenger spam work? This new form of webpopup spam uses a feature of your computer's own Windows Operating System that was originally intended to let network administrators send messages to its users in order to notify them of certain critical events, i.e. a system shutdown or routine maintenance or backup. This in turn would allow the network's users to save whatever data or work that they may have in progress before the system shuts down. Using this same feature, the spammer can send a command to your computer to call the process "services.exe" which in turn may call a subroutine by the likes of "csrss.exe" which is the program on your computer that makes the advertisment pop-up (see sample pop-up ad above). By doing the following on your computer, you can send yourself a pop-up advertisement:

    1.  Enter MS DOS mode on your computer (also called the "Command Prompt")

    2.  Type the following (enter only the portions in black and red):

      Microsoft Windows [Version ------]
      (C) Copyright 1985-2002 Microsoft Corp.

      C:\>NET SEND <Computer Name or IP Address> <"Your Message Here">

     You can find your computer's name by clicking:

    Start -> Settings -> Control Panel -> System -> Network Identification

     You may also substitute the IP Address of 127.0.0.1 in place of the computer's name to get the same effect.

    Here's a sample input via the NET SEND command (message must be in quotes, see example) :

      C:\>NET SEND 127.0.0.1 "This is my message being sent to myself."

     For more information on NET SEND and the Messenger service from Microsoft, click here.




     How do I stop those annoying webpopup advertisements? Now that you know how they work, we'll show you how to stop those annoying webpopup advertisements once and for all. Windows, by default, leaves the messaging system active upon installation. Once deactivated, however, the webpopups can no longer invade your system or your privacy. Follow the directions found in either 1 through 3 below to deactivate the Windows messaging system on your computer (do not delete the "services.exe" or "csrss.exe" files, as these are used for other processes on your computer). As an alternate solution, follow the directions in 4 below to adjust your firewall settings to block the webpopups.

  1. Windows XP (Home and Professional editions):

    1. Click Start -> Settings -> Control Panel
    2. Click Performance and Maintenance (if it exists, else skip to 3).
    3. Click Administrative Tools.
    4. Double click Services.
    5. Scroll down and highlight "Messenger" (a single click).
    6. Right-click the highlighted line and choose Properties.
    7. Click the STOP button.
    8. Select Disable or Manual under the "Startup Type" menu selection (we recommend the manual setting).
    9. Click OK.
    10. No need to reboot - You are now blocking messenger spam advertisements!


  2. Windows NT/2000 (Server and Professional editions):

    1. Click Start -> Setings -> Control Panel -> Admin. Tools -> Services
    2. Scroll down and highlight "Messenger" (a single click).
    3. Right-click the highlighted line and choose Properties.
    4. Click the STOP button.
    5. Select Disable or Manual under the "Startup Type" menu selection (we recommend the manual setting).
    6. Click OK.
    7. No need to reboot - You are now blocking messenger spam advertisements!

      Please Note: If you discover that certain software failes to work after disabling the messenger service, reverse the process to reactivate it and move to Section 4 (Firewall Settings) below. In particular, please make sure that your anti-virus software has the ability to warn you of any danger via a pop-up window. You can check your anti-virus software by running the EICAR test file. For more information regarding the EICAR test file and what it does, please click here.


  3. Windows 95/98/ME:

    1. Remove or disable the file and printer sharing from your network configuration.
    2. A reboot may be required for changes to take effect depending on your version of Windows.

      Please Note: If you discover that certain software failes to work after disabling the messenger service, reverse the process to reactivate it and move to Section 4 (Firewall Settings) below. In particular, please make sure that your anti-virus software has the ability to warn you of any danger via a pop-up window. You can check your anti-virus software by running the EICAR test file. For more information regarding the EICAR test file and what it does, please click here.


  4. Firewall Setting (same effect as 1-3 above):

      Windows XP (built-in firewall software):

      1. Windows XP users click here to learn how to set your built in firewall to block UDP and TCP ports 135, 137-139, and 445. A short video is included to help guide you through the process if needed.

      Standard Firewall Software:

      1. Set your firewall to block UDP and TCP ports 135, 137-139, and port 445 from all incoming requests or data.
      2. A reboot may be required for changes to take effect depending on your firewall software.

    Please Note: That while blocking UDP and TCP ports 135, 137-139 and 445 will prevent the webpopup spam from reaching you, it may also block such programs such as Microsoft Outlook which use port 135 to communicate. If you discover certain software fails to work after blocking the ports mentioned above, most firewall software allows the user to designate certain software for pass-through access. This must be set manually by the user. Please see your firewall's help section to learn how to do this.




     I made the suggested changes, how do I know if I'm blocking those annoying webpopup advertisements? You can run the NET SEND command from the DOS prompt (see above for details on how to do this). If no webpopup appears and you receive the message at the DOS prompt that says, "The message alias could not be found on the network", you are blocking the webpopup ads!




     Undoing changes to your computer system. If for some reason the suggested changes prevent your computer from performing certain tasks, you can reactivate the "Messenger" by retracing the steps above to reverse your changes. Unless you are operating on a network, you shouldn't experience any problems. People on networks may want to use the suggested firewall settings to prevent the webpopup advertisements.





     See also, these cross-references:


     Sponsored links:

 


HOME  ·  ABOUT US  ·  CONTACT US  ·  ADVERTISING  ·  ADD URL  ·  DISCLAIMER  ·  PRIVACY POLICY

Copyright ©  Re-QUEST dot Net™  All rights reserved.