Windows admin 'feature' poses latest hazard
Published: 20 Aug 2003 15:05 BST
Security experts are warning users to switch off a Windows messaging feature that has been taken over by spammers and could now pose the latest security threat for Windows users.
The feature, known as the messenger service, was originally designed to let a network administrator send warnings to users when, for example, a server is scheduled to go down for maintenance. Last year, bulk advertisers began using the tool to send pop-up advertising messages directly to a user's computer, and researchers say it would be simple for a virus writer to exploit the feature as well. The feature is not related to Microsoft's instant messaging software.
The warnings take on added urgency with the outbreak of several worms over the past few days that are affecting PCs and corporate networks. The MSBlast worm, the "good" Welchia/Nachi worm, a new version of the Sobig virus and the threat of a Direct X attack are all currently causing concern for Windows users.
Jack Clark, spokesman at security software company McAfee, explained that although the messenger service is not a threat on its own, it could easily be exploited to bring further misery for administrators and users. "Someone could write a virus that infects your machine and instructs it to send out those messages to everyone else," said Clark.
The messaging service, using a component called "Net Send", can be used to send a pop-up alert with 128 characters to either a single user, all users on a domain, or all users that have sessions with a particular server. This could allow spammers to send thousands or even hundreds of thousands of messages from a single command in a DOS shell, although Microsoft's Web site advises people to "use discretion when sending messages to multiple users".
Alex Shipp, a senior antivirus technologist at email security company MessageLabs, agreed the message service is a threat and recommended that administrators make sure it is turned off. "I haven't come across anyone in the past year that has used the messenger service. In general, things you are not using should be turned off -- it is probably best not to leave it up to the poor end user to make those decisions," he said.
In order to switch off the messenger service in Windows XP, Go to the Start button, click on Control Panel, Admin tools and choose Services. Then double click on Messenger and change the Start-Up type to Disabled. Finally, reboot the PC.
Microsoft was not available for comment.
Did you find this article useful?
37 out of 93 people found this useful
- Share this article:
Full Talkback thread
6 comments
-
I agree - pop up messages like this are becoming a... Kenny Millar -
Many thanks for your simple solution and instructi... Keith Deines
-
In case you happen to use the messenger service fo... Metalbunny
-
This is a bit of a stretch, as the NET SEND comman... Greg Kujawa
-
The bloated virus magnet with the initials MS stri... Billy Goats
-
While I'm concerned about the security issues, I f... Anonymous
