Messenger Service scam?

[Guest]

I am getting those grey pop-up windows, headed "Messenger Service" .... below that it says "Message from Microsoft Networks" .... then "Microsoft Security Bulletin MS03-043" .... then a list of affected Windows software .... then it says "Your system is affected, download the patch below" ... then it has the URL (www.windows-patch.info) and says to paste it into your browser and click an OK button. This is NOT email and I don't believe Microspft is sending these because the latest one said Messenger Service, but now had information on enlarging your penis! I think this is a serious breach of Microsoft's name and needs to be stopped. I cannot get into Microsoft to advise them but they should be aware of this
Anyone else had this happen? I have antivirus and two firewalls! How is this getting through
Bob

 

[bud]

Your firewall should stop those but if not go to administrative services and
scroll down and find messenger service. Double click it and set it to
disable. These are not from Microsoft and messenger service is not the
messenger program you use to chat with buds.
So just disable it.

I am getting those grey pop-up windows, headed "Messenger Service" ....

below that it says "Message from Microsoft Networks" .... then "Microsoft
Security Bulletin MS03-043" .... then a list of affected Windows software
..... then it says "Your system is affected, download the patch below" ...
then it has the URL (www.windows-patch.info) and says to paste it into your
browser and click an OK button. This is NOT email and I don't believe
Microspft is sending these because the latest one said Messenger Service,
but now had information on enlarging your penis! I think this is a serious
breach of Microsoft's name and needs to be stopped. I cannot get into
Microsoft to advise them but they should be aware of this!

 

[Bruce Chambers]

Greetings --

It's a scam, trying to get you to buy an update that Microsoft
provides free of charge. It's also a very clear warning that your PC
is wide open to anyone on the Internet who wants to hack it.

This type of spam has become quite common over the past several
months, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you may well be open to other threats, such as the Blaster Worm that
recently swept cross the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger
service, as some people recommend, only hides the symptom, and does
little or nothing to truly secure your machine.) And ignoring or just
"putting up with" the security gap represented by these messages is
particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Whichever firewall you decide upon, be sure to ensure
UDP ports 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_
blocked. You may also disable Inbound NetBIOS (NetBIOS over TCP/IP).
You'll have to follow the instructions from firewall's manufacturer
for the specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Bruce Chambers]

Greetings --

Please stop posting potentially harmful advice.

Disabling the messenger service, as you advise, is a "head in the
sand" approach to computer security that leaves the PC vulnerable to
threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

Equivalent Scenario: You over-exert your shoulder at work or
play, causing bursitis. After weeks of annoying and sometimes
excruciating pain whenever you try to reach over your head, you go to
a doctor and say, while demonstrating the motion, "Doc, it hurts when
I do this." The doctor, being as helpful as you are, replies, "Well,
don't do that."

The only true way to secure the PC, short of disconnecting it from
the Internet, is to install and *properly* configure a firewall; just
installing one and letting it's default settings handle things is no
good. Unfortunately, this does require one to learn a little bit more
about using a computer than used to be necessary.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[bud]

Hi
Well, seeing as how one of the links you give tells him exactly the same
thing I did, How much different is your advice? He already said he is
running a firewall. Now true, maybe it isn't configured properly to block
that port but not everybody is willing to learn. He asked how to stop the
popups. If he was willing to spend the time, a 2 second google search would
have given him those links you posted. There's nothing wrong with your post
but why do you need to inflate your own ego by talking down to other people
that are trying to help.

 

[Bruce Chambers]

Greetings --

I didn't "talk down" to you.

Your response to the OP glossed over the fact that the his/her
firewall was either misconfigured or malfunctioning and simply advised
turning off the Messenger Service to eliminate Messenger Service spam,
which is annoying but harmless, in and of itself. This is the sort of
advice that I find particularly dangerous. The problem is that
turning off the Messenger Service does _not_ block the wide open TCP
and UDP ports that the spammers used to deliver the spam to the
Messenger Service for display. With the
Messenger Service disabled, those spam deliveries are still
continuing, but they're simply not being displayed. As I've said,
it's like pulling the battery out of a noisy smoke detector to silence
it, rather than looking for and eliminating the source of the smoke.

The danger of this "treat the symptoms" approach has been more
than aptly demonstrated by the advent of the W32.Blaster.Worm, the
W32.Welchia.Worm, and their variants. These worms attack PCs via some
of the very same open ports that the Messenger Service uses. Need I
mention how many hundreds of thousands of PCs have been infected by
these worms since last August? To date, according to my records, I
have personally responded to 571 Usenet posts concerning
Blaster/Welchia infections since last August, and I can't possibly
have seen and replied to every one that there's been posted in this
period.

Now, how many of those infected with Blaster/Welchia had turned
off the Messenger Service to hide spam? I can't say, and I don't
think anyone can. What I can say with absolutely certainty is that if
they'd all had a properly configured firewall in place, they would
have blocked the annoying spam _and_ been safe from a great many other
dangers, particularly Blaster/Welchia.


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Jay]

To the original poster.....

http://www.grc.com/stm/shootthemessenger.htm

download this and run it......

much easier, that will stop it.

nasty to see people flaming each other ;-)

Jay

 

[Bruce Chambers]

Greetings --

Almost as "nasty" as deliberately posting bad advice?

Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Kevin Davis³]

Greetings --

Please stop posting potentially harmful advice.

Disabling the messenger service, as you advise, is a "head in the
sand" approach to computer security that leaves the PC vulnerable to
threats such as the W32.Blaster.Worm.

The real problem is _not_ the messenger service pop-ups; they're
actually providing a useful service by acting as a security alert. The
true problem is the unsecured computer, and you're only
advice, however well-intended, was to turn off the warnings. How is
this helpful?

Don't forget that the Messenger Service would also provide a useful
service to hackers if it is not patched:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-043.asp

Setup a firewall first, but if you don't need the Messenger Service,
turn it off. If you need it, patch it. You would also be well
advised to spend $50 and buy a home router.

Be especially wary of people who would insist on having you keep the
Messenger Service on as a "helpful feature" and conveniently
forgetting to inform you that it has a very serious vulnerability that
needs to be patched immediately.

And of particular interest is that Microsoft itself and security
experts are seriously reconsidering the role of the Messenger service:

http://www.infoworld.com/article/03/10/28/HNmessengeroff_1.html

http://www.pcworld.com/news/article/0,aid,113321,tk,dn110703X,00.asp

http://news.com.com/2100-7355_3-5095935.html

http://www.cnn.com/2003/TECH/internet/11/07/microsoft.popup.reut/index.html


Here's a link where Microsoft actually outright advises the user to
turn off the Messenger Service:

http://www.microsoft.com/WindowsXP/pro/using/howto/communicate/stopspam.asp


Those who would advise not to turn off the Messenger Service for the
less than trivial unintended side benefit of being a warning is
dispensing advice which contradicts the advice of many real security
professionals.