Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: thecow who wrote (34883)	6/22/2003 12:06:27 PM
From: Proud_Infidel	Respond to of 110614

THE BYE BYE ADS SCAM Brian Grainger icpug.org.uk brian@grainger1.freeserve.co.uk Within the last week I have had two people coming to me with the same problem. A company called ByeByeAds was somehow repeatedly sending messages to their computers when they were connected to the Internet. The message from ByeByeAds was that a port on the computer was open and for a sum of money they could tell the user how to close it. This is a scam because the port in question, (135), cannot really be closed, but a solution can be obtained free of charge if you know where to look. As these messages could be sent to anyone with Windows XP, especially those on broadband, I felt some help may be needed by more of you out there. This feature summarises the results of my investigations. The Problem A new breed of pop-up ads is appearing mysteriously on Microsoft Windows users' computers. The so-called "Messenger spams" have recipients fuming. The Messenger service, originally designed to enable system administrators to send messages to users on a network, can be used by unauthorised users of your computer without gaining any kind of privileged access. By tapping into the Messenger service, advertisers anywhere in the world, such as ByeByeAds, can deliver completely anonymous and virtually untraceable ads straight to the screen. The Messenger service, not to be confused with Microsoft's MSN Messenger chat client, is enabled by default on Windows 2000, NT and XP systems, so such systems are easy to target. All that is required is for the advertiser to sniff out the IP address being used while online. Obviously this is easier to do with always on broadband connections but dial-up users have been known to receive such messages. Workaround Solution The workaround solution is to disable the Messenger service as follows: Click Start, and then click Control Panel (or point to Settings, and then click Control Panel). Double-click Administrative Tools. Double-click Services. Double-click Messenger Service in the right hand list of local services. A Messenger Properties window will appear. In the General tab, set the Messenger service's Start Type to Disabled using the pull-down list of Start Types. Also in the General tab, click the Stop button in the Service Status section. Your computer will stop the service if it is currently running. Click OK. The Messenger Properties window will disappear. Click the File: Exit tab in the Services window, and it will disappear. Note: If the Messenger service is stopped, messages from the Alerter service, (notifications from your antivirus software, for example), are not transmitted. If the Messenger service is turned off, any services that explicitly depend on the Messenger service do not start, and an error message is logged in the System event log. For this reason, Microsoft recommends installing a firewall and configure it to block NetBIOS and RPC traffic instead of turning off the Messenger service. This is particularly relevant to broadband users, where a Firewall is more or less essential. Further Details Microsoft has further information on: microsoft.com A highly technical, but probably the complete answer, can be found at: ciac.org Acknowledgements Details from the following web pages were used in the preparation of this note. wired.com its.caltech.edu support.microsoft.com