Windows feature is a backdoor for spam
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Windows feature is a backdoor for spam

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    309

    Windows feature is a backdoor for spam

    FTC: Windows feature is a backdoor for spam




    By Bob Mims
    The Salt Lake Tribune

    The Federal Trade Commission has some urgent advice for users of Microsoft's Windows Messenger Service: Turn it off. Now.
    Back-door security flaws in the application -- an internal feature in personal computers using the latest versions of Windows, not to be confused with the MSN Messenger Internet chat program -- are being mercilessly exploited by spam "pop-up" advertisements.
    "Turn off the Windows Messenger Service. For most home users, [it] serves no purpose," FTC Consumer Protection director Howard Beales said Thursday. He added that Microsoft itself planned to set the program to a default "off" position in future shipments of its operating system.
    The impetus for Beales' alert during a Washington, D.C., teleconference was the FTC's obtaining of a temporary restraining order against D Squared Solutions LLC and two officers of the San Diego company, Anish Dhingra and Jeffrey Davis.
    Prosecutors allege the defendants used a "back-door" security flaw in WMS -- typically used by networks to send internal problems, or even to notify users of a completed print job -- to barrage PCs across the country with repeated pop-up ads.
    Most of the ads, which appeared on-screen as often as every 10 minutes -- pitched $25-$30 software programs to block future pop-ups. By using the WMS portal, D Squared purportedly inundated its targets with pitches even when users were not on the Internet, the usual arena for such annoyances.
    "They create a problem for consumers then charge them for a solution," Beales said.
    Davis could not be reached, but Dhingra, contacted by telephone, declined to comment on the allegations. However, in a Cnetnews.com article published online Nov. 25, 2002, Dhingra was quoted as denying his pop-ups were spam because affected users could simply turn off WMS to prevent them from appearing.
    Microsoft spokeswoman Tara Gregory applauded the FTC's action. "Microsoft remains committed to combating the spam epidemic through a multifaceted approach" comprising developing better antispam measures, backing strong laws and aggressively helping to prosecute violators, she said.
    Last month, Microsoft issued a security warning that WMS was vulnerable to back-door attacks. The software giant also announced it would disable WMS -- formerly set to the "on" position by default -- and activate Windows' Internet Connection Firewall to protect computers from such attacks. The changes are slated for mid-2004 release in Windows XP Service Pack 2; current editions of Windows XP still have WMS enabled.
    Complaints about the flaw have been widespread. Last month, leading Internet service provider America Online went so far as to block use of the WMS feature by its subscribers.
    Xmission, one of Salt Lake City's leading Internet service providers, moved even quicker.
    "We blocked [WMS] in early spring," said Xmission owner Pete Ashdown. "We noticed an increase of messages coming in on that port, which we knew was a security risk. It is very rarely used these days for anything except [spam]."
    Jay Lepreau, a computer-security research associate professor at the University of Utah, is quick to echo advice to turn off WMS and install a firewall. He recommends Zone Alarm, which can be downloaded for free from the Internet and also can protect against spyware -- hidden programs that monitor user activity and transmit the data to a third party.
    bmims@sltrib.com

    How to deactivate WMS

    * To disable Windows Messenger Service, Windows users generally can click on Start, select Control Panel (or click on Settings and then the Control Panel); double-click on Administrative Tools; double-click Services; and then double-click Messenger. In the Startup type list, click Disabled. Click Stop, and then click OK.
    For further instructions, visit http://www.microsoft.com/WindowsXP/p.../stopspam.asp.


    http://www.sltrib.com/2003/Nov/11072...ess/108934.asp

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Or install a firewall......... Duh!!!!!!!

    Not M$'s fault, sorry.......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Pop ups are a big problen for me on a mac running os 9 is there any thing I can do to prevent this problem?
    If you have any sugestions of solutions please let me know.

    thx

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Mike: Different popups..... search google for "popup stopper Mac 9" and see what you get.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    "Or install a firewall......... Duh!!!!!!! "
    Well I am also a windows user and on win 98 it would be easyer to turn off win messenger.
    DUH!!!!!!!!!!!!!!!!!!!!!!!!!!

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Mike: Ever heard of Linksys, Dlink, NetGear..... and the rest of the "home grade" firewalls.... they are all very effective and cost effective......

    You can firewall that MAC of yours too......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    come on some one post

  8. #8
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    <rant>
    okay guys how many times do we have to cover the thousands of ways to avoid the messenger spam? Yea the original post about the FTc and all that is new and has some interest but would the rest of the idots asking :how do i stop it" do a little *****ing research the rest of us are tired of answering the same question over and over again.
    </rant>

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    This is not new. Gibson Research Corporation as pointed this out long ago and as even made a solution for those who don't like tweaking with their won hands.

    Be aware that the messenger service can be used not only to spam, but also to run arbitrary code on one's computer, making it a HUGE security flaw. The patch from M$ is available.

  10. #10
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Mike: You caught me in a good mood so I'm gonna give you the Google URL to use that will give you a BUNCH of popup stopper programs for the Mac....now click the URL and have fun.

    You may also want to checkout http://www.spywareinfo.com - they have a great list of software.

    Here ya go...go surfing: http://www.google.com/search?hl=en&i...topper+for+Mac

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •