Home Page

  


EARLIER FEATURES

  


FEATURES CONTENTS

  


LATER FEATURES

  

Features Contents
29th April 2003

THE BYE BYE ADS SCAM

Brian Grainger

email.gif (183 bytes)
brian@grainger1.freeserve.co.uk
 

Before reading on please note the following:

I am NOT sending you the Messenger Spam
I have NOTHING to do with the companies mentioned
I am simply trying to provide information for FREE
that these companies will charge you for.

Since this article was originally written the company concerned has tried to increase its influence be renaming itself and creating several web pages, all virtually the same. In addition, new companies have sprung up using the same technique to sell the same type of product at various prices.

In an effort to keep this page on the Search Engines for when people search for the alternative names I am listing them here. Remember - whatever name is used, it is still a scam. The information below will cost you nothing but you will regain your sanity!

  • The DestroyAds Scam
  • The EndAds Scam
  • The MessageStop.net Scam
  • The Stop It Now Scam (www.stopitnow.net)
  • The BlockMessenger Scam
  • The Messenger Guard Scam
  • IT Support UK Scam
  • The AdHammer Scam
  • The SaveYourPrivacy Scam

My thanks go to those of you out there giving me feedback on this problem, informing me of the name changes.

Within the last week I have had two people coming to me with the same problem. A company called ByeByeAds was somehow repeatedly sending messages to their computers when they were connected to the Internet. The message from ByeByeAds was that a port on the computer was open and for a sum of money they could tell the user how to close it. This is a scam because the port in question, (135), cannot really be closed, but a solution can be obtained free of charge if you know where to look.

Update (10 July 2003) - I understand that some advertisers of adult material are also using the same technique, which is worrying for those of you with young children.

Update (30 September 2003) - I understand there is a new twist to this scam. A popup from IT Support UK is appearing that promises to tell you how to stop such popups if you ring a premium rate telephone number. The cost is £1.50 per minute with a call lasting no more than a minute (it says). Cheaper than the other scammers but it is still free here!

As these messages could be sent to anyone with Windows XP, especially those on broadband, I felt some help may be needed by more of you out there. This feature summarises the results of my investigations.

The Problem

A new breed of pop-up ads is appearing mysteriously on Microsoft Windows users' computers. The so-called "Messenger spams" have recipients fuming.

The Messenger service, originally designed to enable system administrators to send messages to users on a network, can be used by unauthorised users of your computer without gaining any kind of privileged access. By tapping into the Messenger service, advertisers anywhere in the world, such as ByeByeAds, can deliver completely anonymous and virtually untraceable ads straight to the screen.

The Messenger service, not to be confused with Microsoft's MSN Messenger chat client, is enabled by default on Windows 2000, NT and XP systems, so such systems are easy to target. All that is required is for the advertiser to sniff out the IP address being used while online. Obviously this is easier to do with always on broadband connections but dial-up users have been known to receive such messages.

Workaround Solution

The workaround solution is to disable the Messenger service as follows:

  • Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).

  • Some of you with Windows XP Home Edition have an extra step to perform.
    Double-click Performance and Maintenance.

  • Double-click Administrative Tools.

  • Double-click Services.

  • Double-click Messenger Service in the right hand list of local services.

  • A Messenger Properties window will appear.

  • In the General tab, set the Messenger service's Start Type to Disabled using the pull-down list of Start Types.

  • Also in the General tab, click the Stop button in the Service Status section. Your computer will stop the service if it is currently running.

  • Click OK. The Messenger Properties window will disappear.

  • Click the File: Exit tab in the Services window, and it will disappear.

Those of you comfortable with the Start - Run line may like to do the following instead:
Click the Start Button and then click Run.
Type services.msc and click OK
You should now get a list of services and you can double click the Messenger Service and disable and stop as per the previous procedure.

Note:

If the Messenger service is stopped, messages from the Alerter service are not transmitted. Microsoft have warned that this may affect messages from anti-virus software. My own feeling is that this is unlikely. Which reputable supplier would send such important messages by a service you can disable? Symantec have been asked and responded that their anti-virus software will NOT be affected. I have seen one report on the web that a user lost the messages from his printer when they disabled the Messenger service. This is hardly critical since the printer still prints.

If the Messenger service is turned off, any services that explicitly depend on the Messenger service do not start, and an error message is logged in the System event log. For this reason, Microsoft recommends installing a firewall and configure it to block NetBIOS and RPC traffic instead of turning off the Messenger service. This is particularly relevant to broadband users, where a Firewall is more or less essential.

Further Details

Microsoft has further information on:
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

A highly technical, but probably the complete answer, can be found at:
http://www.ciac.org/ciac/techbull/CIACTech03-001.shtml

A very comprehensive American web site, detailing who is behind some of these Messenger Spams, is run by Spam Slammer. They also have some software, both free and paid for, to block the spam and trace where it is coming from.
http://spam-slammer.com

Acknowledgements

Details from the following web pages were used in the preparation of this note.

http://www.wired.com/news/technology/0,1282,55795,00.html
http://www.its.caltech.edu/its/security/users/windows_messenger.shtml
http://support.microsoft.com/default.aspx?scid=kb;en-us;330904

 

 

 

 


TOP