Slashdot Mirror
Fighting Back Against Messenger Popup SPAM
An anonymous reader asks: "I recently re-installed XP (out of boredom and not necessity) and forgot to turn off the Windows Messaging service. Things were going fine, until today. I started getting those annoying popups again. I realize that I can turn off this service and I'll no longer get the messages, but, I want a way to 'take back the internet' and not have to worry about others getting these messages either.
Normally, these messages are the typical University Degree spam, but the last one I got was for a piece of software that turns off the messaging service. And as everyone knows, there are some people on the net who'll pay for this. So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?"
(Hasn't really worked as of yet).
Well, you could write your own popup spam that tells people how to turn off popups for free.
Get a copy of the program and start sending out announcements on how to disable the Messenger service.
Just don't make it read like typical spam, or people will ignore it too.
There was an "Ask Slashdot" a while back that asked, basically, "How do I block these popups that are accessing port 139 without a firewall?" The answer was a resounding "Use a firewall you fucking moron!" I think the same answer is applicable here. ZoneAlarm is a free product that will end this for you.
I think what you're looking for is a nice computer running Linux or MacOS, which doesn't suffer from the problems you describe.
You have given new meaning to the term "boredom". Time to go update the entry on everything2...
It's called a firewall -- block port 139 and shut the hell up you whiny baby.
Do you lock your car when you leave it at night? No? Let's find a way to take back your driveway!! I wonder what we could do?
Do you keep cookies in a jar where the kids can get to it? No? Let's find away to take back the Oreos and Chips Ahoys!!! I wonder if the slashdot community can help you?
Stop worrying about "taking back the internet" when you, personally, never had it in the first place. Last I checked, it's not illegal to send packets or emails or whetever to random people on whetever port you want to.
These kinds of things will happen if you're stupid about how you connect your computer to a hostile environment. Get you rear out of your arse and plug the hole instead of rising up on some majestic soapbox as a wannabe internet vigilante.
How's this for an idea: Make it illegal to hack into someone's computer and display advertisements.
What's that? It IS illegal to hack into someone's computer no matter what the purpose? Woops!
-- 'The' Lord and Master Bitman On High, Master Of All
It's no hack. This is analogous to me screaming: GIVE ME CREDIT CARD APPLICATIONS! GIVE GIVE GIVE GIVE! I TAKE THEM HERE! STUFF THEM INTO MY PANTS! Then whining when I can't find my cack.
Don't give me that fucking reactionary bullshit. It's not 'hacking'.
OK, for the uninitiated (who don't have the know-how to do this themselves but do have the savvy to ask other, more-enlightened /.ers), how is this done in Windows 2000, XP, etc?
No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect. If you're going to open up port 139 to the world, you have to expect people sending packets to it. It's no different than any other service.
So, how can the people of the net fight back to ensure that these messages stop, and more importantly, these people stop preying on the less-technically inclined?
You can't. What they're doing isn't illegal, and arguably it shouldn't be. And even if it were, they'd just move their operations off-shore.
This isn't really a free speech issue-- commercial speech isn't covered by the same rules that govern other forms of expression-- but what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?
Sorry. Can't, or at least shouldn't, be done.
Now, if you wanted to take a different tactic, you could approach Microsoft through the appropriate channels to request that the Messenger service be off by default, or to have them remove it altogether. That might or might not work, but you could try.
I write in my journal
1) My computer "listening" for packets which would erase my data (just like many bugs which have been reported on slashdot) would not even be given a second thought. Nobody would be saying "Well, you're the one who bought an OS and didnt have complete foreknowledge of all the services and what they entailed" and taken seriously.
2) as for your first point, though it's been covered in the first part of my message as well, I just thought I'd mention
-- 'The' Lord and Master Bitman On High, Master Of All
Um, buy a Mac? If you don't like the tool you use, consider the alternatives...
--
$tar -xvf
Well if this were only effecting LAN you could just walk up and punch the guy, couldnt you? :)
My dad's gotten these messages through the 'net, though, so I doubt all this "broadcast" stuff is real. Probably cycling IPs just like WinNuke ("I didnt know it was wrong!")
-- 'The' Lord and Master Bitman On High, Master Of All
2) Someone brought a suit. So? You can sue for anything. If it's ever judged (not settled) in favor of the plaintiff, then it would have some relevance.
I guess this is just an issue of what each of us considers a bug.
I consider a system intended for the administrator of a network to send messages, being able to be used by someone who is not the administrator of the network, a bug.
I consider any exploitation of any bug which allows you to access, modify, or present information which you were not intended to be able to access, modify, or present to be hacking.
-- 'The' Lord and Master Bitman On High, Master Of All
The show The Screen Savers on Techtv bitchs about this constantly. They have asked Microsoft before to release some sort of patch but they don't feel its necessary. Besides being annoying, it is really easy to create a batch file that does a net send DOS attack. Microsoft needs to provide an easy way off turning off the messenger service.
Hacker Media
No one's "hacking into" any computers. Do you "hack into" the webserver when you request a page? Your computer has to be listening on port 139 for these messages to have any effect.
Spoken like a true geek. However, you are extending an abstraction into higher levels than is necessarily appropriate. From my grandma's perspective, the TCP/IP level mechanism is irrelevant. She wants to know where the hell these weird messages are coming from.
Just because XP automatically installs a service that listens on port 139 doesn't or shouldn't necessarily mean that I as a naive user am going to be expecting packets at that port. Taping a "KICK ME" sign to someone's butt doesn't mean they want to be kicked either. Not everyone views these things strictly at the level of the socket API.
NOTE TO HACKERS: To force Micro$oft to patch the annoying adware in there buggy software, attack on M$ messeger - port 139 - use all DoS, virus, macro and all other attacks
Just enable XP's firewalling or disable the messenging service in Start/Settings/Control Panel/Administrative Tools/Services and disable Messenger.
Can I get an eye poke?
Dog House Forum
The was my school's network is set up, I can only 'see' the computers on my floor. So if I get a netsend message, I have a very limited group of people to choose from. Once I look up the names on the computers I can see, it's not hard to find the message sending one...
Cogito ergo sum in Slashdot.
Violence is always the answer. ;) If at first you don't succeed, you're just not using enough violence.
Repeal the DMCA!
There has been some bad modding in this topic.
Most comments giving advice on how to disable the Messenger service have been modded down.
And there's one comment above which advises switching to the Mac; it was modded *up*!
Please mods, be a little bit sensible about your job.
> I recently re-installed XP
See, there's your problem right there. The messages are coming in through a method that *your* computer is setup to allow. You have specifically installed a piece of software to allow people to send you popup messages.
If you don't want to receive messages from people you don't know, stop installing software that receives them!
(and this really isn't meant to be a Windows flame. It's just that if you don't want your computer to behave a certain way, maybe you shouldn't install software that makes it behave that way.)
- Muggins the Mad
Joe user should not diable it. It a nice way to tell them their computer is infected by whatever worm hits your firewall/IDS. Message them to install a firewall like ZoneAlarm. It will solve more than the popup issue.
alas they'd also have to block legit SMB/CIFS access, yes?
/really/ needs it can set up an IPSec VPN to use it safely.
Of course, that's in many ways a good thing, and anybody who
I didn't see anything there saying that you use or particularly enjoy MSN Messenger, do you? Personally, I hate it. All M$ programs end up linking into its shared libs for some odd reason, meaning that if it or IE or explorer go down, the ship goes down. Copy and paste this into your "Run..." : RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove Make sure Messenger is not running first, of course.
- Cloud
This is the system messenger utility that ostensibly is for legitimate network messages in the workplace such as "the server will be down for on hour starting in five minutes. please close all documents from the server", etc. and alerts to admins when certain events fire on the systems.
A home user should not need to have this enabled (unless you are playing with a small home network and are looking at legit messages) - follow the directions other posters on disabling this service.
Conscientious admins should have this blocked at their demarkation line or should disable it in their network altogether if they do not use it.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.
What is needed (as ever) is customer education, and if the customer doesn't see the problem then that's not going to happen, is it? The ISP where I work sells the option of having a basic stateful firewall on the CPE router that stomps on this kind of thing as a managed / one-off service. It's not intended as a dedicated firewall replacement, it's intended as a first pass at cleaning up incoming and outgoing traffic for SMEs. Essentially, we determine with the customer what traffic they may need to pass and simply drop the rest, hopefully giving some customers a better idea of security in the process. It's good for us, because it's dropping the number of customer network compromises we have to deal with and it's turning into quite a respectable revenue stream. It's good for the customer, because it's protecting them from some hostile traffic on the Internet and they feel safer for it. The most important thing is to make sure that the customer doesn't get the "I've got a firewall, so I'm safe" mentality (back to user education again).
We all know that the Internet has become a very hostile place to be since its rise to being a mass market commodity product, but ultimately ISPs are not, and should not, be held responsible for that (unless it's their servers that are stuffed). To use a tried and trusted analogy premise, that's like blaming car dealers for the increase in risk caused by the growing number of cars on the roads. A car dealer should show you the location of the controls in your new car, maybe even make sure you have a license and valid insurance, but not give you a driving test. Once you own your new car, it's up to you to make sure you drive and park safely, keep it locked, don't leave valuables on the back seat and keep it serviced. If you can't or don't do any of those things, and don't take advantage of the people who will help or do those things for you then, ultimately, who is to blame when things inevitably go horribly wrong?
UNIX? They're not even circumcised! Savages!
Connecting to a random IP address and having the machine do something that you know has a 99.9% chance of annoying the user that runs it is generally considered hacking. The hacker is doing something that annoys the owner of the computer, to the financial benefit of the hacker.
Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erronious but law-abiding citizen that they have the wrong car (key doesn't fit).
If you are causing another person's computer to do something that they do not want it to do, and that you know that they probably do not to want it to do that, then you are hacking. End of story.
OS Software is like love: The best way to make it grow is to give it away.
Click "Start | Programs | Administrative Tools | Services". Find the "Messenger" service on the list, stop it, and set it to "Disabled". Would you be more likely to download some bloated 4MB patch from Windows Update that did the same thing? Would you prefer a desktop icon that turns it off, right next to your "Free AOL and Internet" icon?
If someone is sending Popup messenger SPAM then they must be using a system that has port 139 open as it's establishing a NetBIOS connection to your machine.
If it's a windows box they are using then you might be able to DoS them using various tools that are available for this purpose. If you are reasonably smart you will be able to automate this process so that every popup sender that your box detects get's auto DoS'ed.
Naturally check their box for open shares and trash everything you can first. Fuck spammers.
Leaving your car unlocked does not make my stealing your radio (or your car) illegal. Locking it is only meant to slow down / discourage the illegality. It also signifies to an erronious but law-abiding citizen that they have the wrong car (key doesn't fit).
Yah, well if you park your car on the street then someone is allowed to leave a note on the windsheild with information on how to get free university diplomas. No one is 'stealing your car/computer' here. Mabey if someone sent a net send of death that changed your admin pass, that would be hacking. Displaying a message isn't. If someone goes up and down the ICQ UID's and messages each with an ad, are they hacking your computer too?
and alerts to admins when certain events fire on the systems.
ALERT: The system is on fire!
Yup, definitely a needed Windows service! *tee hee*
If you're a zombie and you know it, bite your friend!
WTF don't you have a firewall? If you are getting popups with the Messenger service you are NOT blocking the RPC ports and these popups may be the least of your trouble.
Start blocking those ports.
I run the bull. board at a local public access tv station that airs whenever we dont have any programming (quite often) and it's basically a powerpoint pres. running off a win 2k machine. I happened to turn on the tv one day after the netadmin had made some changes to the network, and saw 3 popups over top of the bull. board. This was 3 am, so i had to wait until the next day to go in and fix it, but the boss wasn't too happy with me.
No, but whose fault is it if you buy a pair of pants with "KICK ME" emblazoned on the backside, and you complain that people kick you all the time, even though you didn't possess the technical inclination to look on the ass for any signs, markings or invitations to random passerby?
Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
No, but whose fault is it if you buy a pair of pants with "KICK ME" emblazoned on the backside, and you complain that people kick you all the time, even though you didn't possess the technical inclination to look on the ass for any signs, markings or invitations to random passerby?
Or the technical ability to even realize such markings are there! "KICK ME" can be written in languages that you just don't know! OR it can be written in invisible ink that is only visible with special goggles. My grandma isn't going to run a portscanner on her machine as soon as she unwraps it on Christmas. I mean, give me a break. It's beyond reasonable to suggest that she as an end user should even have to. Stuff happening at the TCP/IP layer on a default XP install is the responsibility of Microsoft. Period.
You hear that? It's the world's smallest copy of Winamp playing sad, sad pirated MP3's just for your grandma. Incidentally, WinXP comes with a rudimentary, though effective Internet Connection Firewall that takes one click to activate.
The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.
Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
The Internet isn't pretty, it isn't clean and it isn't proper. Just because Granny can't keep up with the times and learn how to operate machinery properly doesn't mean that Microsoft's gotta bow down and de-evolve their OS even further towards the lowest common denominator.
No, but they can at least refrain from running servers by default on a simple install of XP Home. You have to consider who your users are when adding features and deciding which ones are turned on right out of the box.
That's a good question. Given that no implicit permission has been given to access the computer, I'd say that the answer is, in all probablility, yes. When someone puts a message on your winshield, they are using their own resources to do so. If someone paints the message on the side of your car, then that is vandalism. Forcing pop-up messages onto unwanting screens is in a bit of a no-mans land between the two. You are using someone else's machine to do this. You know that this is, most probably, unwanted and uninvited.
The sentiment is strong enough against spammers, that I think it might be quite possible to convince a judge that this fits the definition of 'hacking'. All of the necessary elements are there. I don't know what elements are missing. Given that you've got the hots to be doing this, you tell me what elements of hacking a computer are missing in this scenario.
The internet is not a free-fire zone. You are only allowed to access those ports and machines that you've been given permission to access (either implicit or explicit). Implicit access would be things like accessing an advertized web site, or an MX for the domain of someone who wants you to send them email.
When you access a port that many people aren't fully aware is open to produce a message that 99.99% of people are going to be annoyed by that seems to me like unauthorized access.
OS Software is like love: The best way to make it grow is to give it away.
The fact that some (not all) spam is "commercial speech" is irrelevant. What is relevant is that spam violates the property rights of the recipients and the transmitting ISPs.
what you're basically saying is, "Some people are saying something that I don't like. I know that I can just stop listening to them, but I want to do more. How can I fight back to ensure that they have to stop saying what they're saying?
No, what we're basically saying is, "Some people are stealing my bandwidth. How can I fight back to ensure that they go to jail just like people who get caught stealing anything else?"
/. If the government wants us to respect the law, it should set a better example.
Run these for a quick way, put a server as the first argument to deploy across networks quickly.
sc.exe stop Messenger
sc.exe config Messenger start= disabled
alternativly you can do the following to set it to 'Manual'
sc.exe config Messenger start= demand
No more Messenger, most users can understand this quite easily and can type the commands from the Start > Run menu w/o sweat.
You DONT simply shut off your services, you DO put a firewall in place. The last thing you want your box doing is sending OS-specific RSET packets to an attacker/sniffer.
I want to delete my account but Slashdot doesn't allow it.