"Messenger Service" screen.

[Dmitri]

For the past year now, I have been getting sporadic pop-ups appearing
on my computer from a "Messenger Service" screen. They all seem to be
advertising, ironically enough, a pop-up blocker of some kind. One of
them is avaiable at messengerblocker.com (I think) and other at a now
forgotten address. The point is that I have used every program
possible to counteract this. I have currently downloaded "Spy Sweeper"
"Spy Bot" and "Ad-Ware." While they have done a good job at blocking
the other spyware, they can't seem to get this one. Could someone tell
me where it's from and how to delete. Its becoming extremely annoying.


Thanks.

[siljaline]

On 22 Sep 2003 20:45:45 -0700, Leybman@aol.com (Dmitri) wrote:

>For the past year now, I have been getting sporadic pop-ups appearing
>on my computer from a "Messenger Service" screen. They all seem to be
>advertising, ironically enough, a pop-up blocker of some kind. One of
>them is avaiable at messengerblocker.com (I think) and other at a now
>forgotten address. The point is that I have used every program
>possible to counteract this. I have currently downloaded "Spy Sweeper"
>"Spy Bot" and "Ad-Ware." While they have done a good job at blocking
>the other spyware, they can't seem to get this one. Could someone tell
>me where it's from and how to delete. Its becoming extremely annoying.
>
>
>Thanks.

http://www.spywareinfo.com/articles/spam/messenger.php

HTH


--
siljaline

"Arguing with anonymous strangers on the Internet is a sucker's game
because they almost always turn out to be -- or to be indistinguishable from
-- self-righteous sixteen-year-olds possessing infinite amounts of free time."
- Neil Stephenson, _Cryptonomicon_

[Jay T. Blocksom]

On Tue, 23 Sep 2003 15:34:26 -0400, in <alt.privacy.spyware>, Pat
<patsite@XXcalandyrXX.com> wrote:
>
> In article <e9291109.0309221945.38b822f3@posting.google.com >,
> Leybman@aol.com says...
> > For the past year now, I have been getting sporadic pop-ups appearing
> > on my computer from a "Messenger Service" screen.
[snip]
>
> Try grc.com, there is a little utility that can help

No, don't. You don't need any of Gibson's snake oil to disable Windows
Messenger. Just follow the instructions:

<http://www.itc.virginia.edu/desktop/docs/messagepopup/>

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[AlanB]

Jay T. Blocksom wrote:
> On Tue, 23 Sep 2003 15:34:26 -0400, in <alt.privacy.spyware>, Pat
> <patsite@XXcalandyrXX.com> wrote:
> >
> > In article <e9291109.0309221945.38b822f3@posting.google.com >,
> > Leybman@aol.com says...
> > > For the past year now, I have been getting sporadic pop-ups
> appearing > > on my computer from a "Messenger Service" screen.
> [snip]
> >
> > Try grc.com, there is a little utility that can help
>
> No, don't. You don't need any of Gibson's snake oil to disable
> Windows Messenger. Just follow the instructions:
>
> <http://www.itc.virginia.edu/desktop/docs/messagepopup/>

Bad advice. Potentially harmful, even. Turning off Messenger Service only
cures the symptom not the problem, which is a wide open port. A proper
firewall will cure the real problem.

[Jay T. Blocksom]

On Sat, 27 Sep 2003 15:56:55 -0700, in <alt.privacy.spyware>, "AlanB"
<foxpro@comcast.com> wrote:
>
> Jay T. Blocksom wrote:
> > On Tue, 23 Sep 2003 15:34:26 -0400, in <alt.privacy.spyware>, Pat
> > <patsite@XXcalandyrXX.com> wrote:
> > >
[snip]
> > >
> > > Try grc.com, there is a little utility that can help
> >
> > No, don't. You don't need any of Gibson's snake oil to disable
> > Windows Messenger. Just follow the instructions:
> >
> > <http://www.itc.virginia.edu/desktop/docs/messagepopup/>
>
> Bad advice. Potentially harmful, even. Turning off Messenger Service
> only cures the symptom not the problem, which is a wide open port. A
> proper firewall will cure the real problem.
>

Nonsense.

You are confusing two completely separate issues.

To the extent that "open ports" are a concern, they are a concern for all
65,000+ possible TCP ports. Should that concern be addressed? Of course.
But this has NOTHING to do with Windows Messenger, per se -- or with any
other particular application, for that matter.

Secondly, unless you have a local LAN (sitting wholly behind a proper
firewall) *and* specifically wish to send "pop-up" messages between the
various workstations on that LAN, then Windows Messenger service most
definitely *should* be disabled (per the instructions I provided a pointer
to), regardless of any "open ports" issue.

Furthermore, the fundamental point of my article remains: You do *NOT* need
(or want!) any of Steve Gibson's crapola snake-oil to address *either* of
these issues. As you pointed out, the former issue is correctly addressed
by the use of a proper (generally meaning "hardware"; i.e., a stand-alone
bastion host) firewall; the second issue is correctly addressed by disabling
the Windows Messenger service.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[AlanB]

Jay T. Blocksom wrote:
> On Sat, 27 Sep 2003 15:56:55 -0700, in <alt.privacy.spyware>, "AlanB"
> <foxpro@comcast.com> wrote:
> >
> > Jay T. Blocksom wrote:
> > > On Tue, 23 Sep 2003 15:34:26 -0400, in <alt.privacy.spyware>, Pat
> > > <patsite@XXcalandyrXX.com> wrote:
> > > >
> [snip]
> > > >
> > > > Try grc.com, there is a little utility that can help
> > >
> > > No, don't. You don't need any of Gibson's snake oil to disable
> > > Windows Messenger. Just follow the instructions:
> > >
> > > <http://www.itc.virginia.edu/desktop/docs/messagepopup/>
> >
> > Bad advice. Potentially harmful, even. Turning off Messenger
> Service > only cures the symptom not the problem, which is a wide
> open port. A > proper firewall will cure the real problem.
> >
>
> Nonsense.
>
> You are confusing two completely separate issues.
>
> To the extent that "open ports" are a concern, they are a concern for
> all 65,000+ possible TCP ports. Should that concern be addressed?
> Of course. But this has NOTHING to do with Windows Messenger, per se
> -- or with any other particular application, for that matter.
>
You seem to have completely missed the point, which I guess needs to be
spelled out for the slow learner group. The fact that someone is receiving
Messenger Service spam means that they don't have a firewall set up.
Turning off Messenger Service does nothing since they are still open to all
sorts of other parasites. This is the issue that should be addressed, not
whether the service is on or off. When you tell them to turn off the
service to stop the messages, it's harmful advice since they think they have
solved the problem, but with no firewall set up, worse problems lie ahead.

[sponge]

On Thu, 9 Oct 2003 08:38:10 -0700, "AlanB" <foxpro@comcast.com> wrote:

>Jay T. Blocksom wrote:
>> On Sat, 27 Sep 2003 15:56:55 -0700, in <alt.privacy.spyware>,
"AlanB"
>> <foxpro@comcast.com> wrote:
>> >
>> > Jay T. Blocksom wrote:
>> > > On Tue, 23 Sep 2003 15:34:26 -0400, in <alt.privacy.spyware>,
Pat
>> > > <patsite@XXcalandyrXX.com> wrote:
>> > > >
>> [snip]
>> > > >
>> > > > Try grc.com, there is a little utility that can help
>> > >
>> > > No, don't. You don't need any of Gibson's snake oil to
disable
>> > > Windows Messenger. Just follow the instructions:
>> > >
>> > > <http://www.itc.virginia.edu/desktop/docs/messagepopup/>
>> >
>> > Bad advice. Potentially harmful, even. Turning off Messenger
>> Service > only cures the symptom not the problem, which is a wide
>> open port. A > proper firewall will cure the real problem.
>> >
>>
>> Nonsense.
>>
>> You are confusing two completely separate issues.
>>
>> To the extent that "open ports" are a concern, they are a concern
for
>> all 65,000+ possible TCP ports. Should that concern be addressed?
>> Of course. But this has NOTHING to do with Windows Messenger, per
se
>> -- or with any other particular application, for that matter.
>>
>You seem to have completely missed the point, which I guess needs to
be
>spelled out for the slow learner group. The fact that someone is
receiving
>Messenger Service spam means that they don't have a firewall set up.
>Turning off Messenger Service does nothing since they are still open
to all
>sorts of other parasites. This is the issue that should be
addressed, not
>whether the service is on or off. When you tell them to turn off the
>service to stop the messages, it's harmful advice since they think
they have
>solved the problem, but with no firewall set up, worse problems lie
ahead.

The first and foremost advice is to ALWAYS turn off unneeded services;
that way, even if your firewall gets nuked, you still are safe from
being attacked/victimized through exploits that would use that
service. A more common example would be to disable NetBIOS/File &
Print sharing on a non-networked client.

Sure, it's certainly true that a firewall is a necessity these days.
There has been an ongoing debate among us security folks whether you
really need a firewall if you disable vulnerable services. I would
say, unequivocally, yes, because even if you disabled all "services"
there are simply too many holes in OS' and core services, which can't
be disabled or which are necessary for virtually everyone. Even though
it's theoretically true that if a machine is running nothing it can't
be hacked, the reality is that all systems run services of some kind,
no matter what they do, and all may be susceptible to core protocol
stack flaws.

Bottom line is, if you want any real security, you need multiple, even
somewhat overlapping approaches. Firewalls are a must. Disabling
unnecessary services is a must. And, frankly, which kind of firewall
and other security products and procedures you need will be determined
largely by the services you need to run.

Inasfar as the particular issue, it is not true that because a person
is receiving messenger spam, they are not running a firewall; it can
be misconfigured, a POS, or the user may have a legitimate need to use
certain services. Windows Messenger normally uses UDP protocol.
Specifically, WM is tied RPC services, which allow a client and server
to interact as if the client were running the server's applications
itself. UDP is connectionless and stateless, so the Stateful Packet
Inspection elements of popular firewalls, particularly the hardware
ones, may not necessarily filter it, although modern 'walls make some
attempt to establish state with UDP. The RPC service isn't just used
for WM; it's also used by a lot of legitimate services, and if the
user needed those services to be available, then they'd have to allow
access to UDP port 135, 1025+, etc. Without higher-level protocol
filtering available (e.g. an IPS, or at least an active IDS like Snort
with FlexResp), then there is no way to distinguish and RPC request
like Windows Messenger from a database access or anything else that
may use RPC.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 et yahoo dot com