oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
Windows XP Hacks

Shooting the Windows Messenger Service

by Preston Gralla, author of Windows XP Hacks

On November 6, the Federal Trade Commission (FTC) warmed the hearts of anti-spammers everywhere when it convinced a U.S. District Court to issue a temporary restraining order shutting down a spamming company for using the Windows Messenger Service to deliver unwanted pop-ups. In taking its action, the FTC threw a spotlight on one of the most recent and most obnoxious kinds of pop-ups in the spammers' arsenal. These particularly nefarious pop-ups used the Windows Messenger Service to deliver text pop-ups to people's desktops, even if they weren't running a browser.

In this article, I will show you what you can do to protect yourself from this type of spam. But, first, let's take a brief look at the FTC complaint.

The FTC Action

The FTC complaint was issued against D Squared Solutions, LLC, based in San Diego, California, and its officers Anish Dhingra and Jeffrey Davis. Howard Beales, Director of the FTC's Bureau of Consumer Protection, called what the company did "nothing more than a high-tech version of a classic scam." According to the complaint, the spammers would deluge people with pop-ups, sending them to each person as frequently as every ten minutes. The pop-ups would advertise, you guessed it, software that would kill the pop-ups. Talk about chutzpah! In addition, the complaint alleges, the web site run by D Squared offered to sell software that would allow anyone to blast pop-ups to 135,000 Internet addresses every hour and included a database of more than 2 billion unique addresses.

If you're interested, you can read the press release about the complaint. And if you'd like to file a complaint against a spammer, use the FTC's online complaint form. Or you can bypass the complaint form and instead forward the spam directly to the FTC at UCE@FTC.GOV.

So What's Going On?

First, a caveat: The Windows Messenger Service bears no relation to Windows Messenger or to any other instant messenger for that matter. The Windows Messenger Service was designed for sending messages over local area networks. For example, whenever you get a text message from a network administrator telling you that a server is about to go down, the Windows Messenger Service is at work.

However, a little more than a year ago spammers of all kinds discovered that they could use Windows Messenger Service to blast their text-based pop-up messages to millions of IP addresses across the Internet. Recipients of the messages have been baffled by the pop-ups because the pop-ups are not connected to a browser or to any other application, for that matter. You don't need to be surfing the Web to get them. You only need to be connected to the Internet. Cable users and DSL users were particularly prone to them because those users have always-on connections.

How bad have they become? Several months ago I bought a new laptop and within ten minutes of plugging it into my home router the first pop-ups began appearing.

What Can You Do?

Luckily, it's easy to kill these pop-ups in XP, as I outline in my book Windows XP Hacks. To do so, you'll have to disable the Windows Messenger Service. Run the Microsoft Management Console by typing in services.msc at a command prompt, or via the run box, and pressing Enter. Double-click on the entry for Messenger, and the screen shown in Figure 1 appears. Choose Disabled as the Startup type, and click OK. Pop-ups will no longer get through. Of course, neither will any network messages from administrators delivered using the service; because of spam, though, the service is being used much less frequently than before. In fact, when Microsoft delivers its next XP service pack, the pack will disable the Windows Messenger Service. So, if you want to use it after that, you'll have to turn it on manually using the Microsoft Management Console.

Screen shot

Figure 1. Choose Disabled as the Startup type, and you'll be free of Windows Messenger spam.

The Windows Messenger Service uses port 135 to deliver messages, so you can kill messages without disabling the service in XP. Instead, you can disable port 135 so that no inbound Internet traffic can use that port to deliver messages. Obviously, how you do this varies according to your network setup. But if you're using a Linksys router at home, go to the router administrator screen and choose Advanced -> Filters. In the Filtered Private Port Range, choose both and for the range type, type in 135 twice. Click on Apply. The pop-ups should now be disabled. You can also disable that port using a firewall called XP's Internet Connection Firewall, or ZoneAlarm, from ZoneLabs.

Editor's note: For more details on disabling the Windows Messenger Service, check out Hack #33, "Stop Pop Up, Spyware and Web Bugs" in Windows XP Hacks. You'll also find out how to install firewalls — another way to kill the pop-ups. If you're a Windows XP power user, be sure to check out the 99 other really cool and timely XP hacks in Preston's book.

O'Reilly & Associates recently released (September 2003) Windows XP Hacks.

Preston Gralla is the author of Windows Vista in a Nutshell, the Windows Vista Pocket Reference, and is the editor of He is also the author of Internet Annoyances, PC Pest Control, Windows XP Power Hound, and Windows XP Hacks, Second Edition, and co-author of Windows XP Cookbook. He has written more than 30 other books.

Return to the O'Reilly Network.