Last updated: 22 October 2006. Supplements this Knowledgebase Article.
Preventing Windows Messenger SPAM
Recently, there has been a proliferation of
SPAM via the Windows Messenger service. These are not your normal Internet
Explorer pop-ups, nor are they the pop-ups associated with Instant Messenger
applications such as AIM, Yahoo Messenger or MSN Messenger.

While most instructions will tell you to disable the Messenger Service to rid
yourself of these
pop-ups, the real solution to this problem is to install a proper hardware or software firewall (or both) between your machines and the Internet.
If you already have a firewall, and it is not preventing these pop-ups, then
it is not properly configured.
If you simply turn off or disable the
Messenger service, but you do not deploy or configure a firewall (or
other IP filtering solution), you will be leaving your system or network vulnerable to
external NetBIOS attacks.
It's only a matter of time before your system will be compromised by a
direct attack, or some Internet Worm (similar to the
Code Red,
NIMDA or
SQL Slammer outbreaks).
To reiterate: If you're suffering from
SPAM via
Messenger Service pop-ups, then either your computer or your network or both are not
properly protected. Turning off the service is not enough.
To stop this type of SPAM, you'll want to
block inbound traffic to your NetBIOS/SMB ports
(TCP/UDP 135, 137-139, 445). There is no reason
to have these ports open for inbound Internet traffic. If you must
provide NetBIOS connectivity to remote networks, then be sure to deploy a
VPN or, less desirably, restrict traffic via IP.
UPDATE: On July 16th, 2003, a patch was released for
an RPC Vulnerability in Windows. Exploit code for the vulnerability was
released less than a week later. This vulnerability operates via TCP
135 and other ports, and will allow a machine to be compromised by a remote
attacker. The patch for this vulnerability can be found at
Microsoft's security site. (It was also distributed via
Windows Update.)
A virus which exploits this vulnerability (Backdoor.IRC.Cirebot)
has already been found in the wild.
Messenger Service vs. MSN Messenger
In another episode of crazy
Microsoft naming, there are not one, but TWO Windows components/services responsible for communication between systems. Both are generically referred to as the
Windows Messenger Service.
People new to Windows 2000 and XP will likely hear this description and think of the Instant Messenger products such as Yahoo
Messenger, AIM, ICQ and MSN Messenger.
People who have used NT 3.x and Win3.x will be more acquainted with the old school Messenger service which facilitates
NET SEND messages.
The anti-SPAM information found in the previous section refers to the native, text-based service
(Messenger) and not the GUI-based
Instant Messaging app (MSN Messenger).
To address SPAM with the text-based service, be sure to lock down your NetBIOS connectivity from the Internet.
To address SPAM with the GUI-based app, don't tie your account to Hotmail or list your account in the public Messenger directory.
Instant Messaging Products
To add to the confusion, there are no fewer than
four versions of Instant Messaging clients available from Microsoft today:
MSN Messenger is more tightly integrated with Microsoft's MSN Internet Service, but works almost identically to Windows
Messenger 4.7.
Windows Messenger 4.7 is only available for Windows XP whereas MSN Messenger 5.0 is available for the following:
Windows 98/ME
Windows NT4
Windows 2000
Windows XP (Pro & Home)
MSN Messenger is also available for other platforms such as the Mac, the Pocket PC, and Microsoft TV.
There is reason to
believe that there will be some consolidation among the Instant Messenger
applications in the near future -- thankfully. In all likelihood, the
Windows Messenger service will be around for a few more versions of the
Operating System.
For those people
who prefer to use a different Instant Messenger product, and would like to
properly uninstall the Windows/MSN Messenger application, just follow the
instructions below: