Security experts are warning users to switch off a Windows messaging feature that has been taken over by spammers and could now pose the latest security threat for Windows users.
The feature, known as the messenger service, was originally designed to let a network administrator send warnings to users when, for example, a server is scheduled to go down for maintenance. Last year, bulk advertisers began using the tool to send pop-up advertising messages directly to a user's computer, and researchers say it would be simple for a virus writer to exploit the feature as well. The feature is not related to Microsoft's instant messaging software.
The warnings take on added urgency with the outbreak of several worms over the past few days that are affecting PCs and corporate networks. The MSBlast worm, the "good" Welchia/Nachi worm, a new version of the Sobig virus and the threat of a Direct X attack are all currently causing concern for Windows users.
Jack Clark, spokesman at security software company McAfee, explained that although the messenger service is not a threat on its own, it could easily be exploited to bring further misery for administrators and users. "Someone could write a virus that infects your machine and instructs it to send out those messages to everyone else," said Clark.
The messaging service, using a component called "Net Send", can be used to send a pop-up alert with 128 characters to either a single user, all users on a domain, or all users that have sessions with a particular server. This could allow spammers to send thousands or even hundreds of thousands of messages from a single command in a DOS shell, although Microsoft's Web site advises people to "use discretion when sending messages to multiple users".
Alex Shipp, a senior antivirus technologist at email security company MessageLabs, agreed the message service is a threat and recommended that administrators make sure it is turned off. "I haven't come across anyone in the past year that has used the messenger service. In general, things you are not using should be turned off -- it is probably best not to leave it up to the poor end user to make those decisions," he said.
In order to switch off the messenger service in Windows XP, Go to the Start button, click on Control Panel, Admin tools and choose Services. Then double click on Messenger and change the Start-Up type to Disabled. Finally, reboot the PC.
Microsoft was not available for comment.
