Messenger spam started off with windows alerts being pushed to the surprised users desktops. Pop-ups would appear on user’s desktops with the advertisement information. Users would have no control and no ability to block or opt out, since they had not given permission in the first place.

How did it work? NetBIOS and RPC ports were left open, allowing spammers free access to systems, both home based or otherwise, and with the advent of broadband, thousands of advertising opportunities opened. Poorly secured network connections allowed access to the Windows Messenger service, a service originally designed for administrators to send messages to users about network related issues to be abused. Messages sent this way, would be nearly untraceable, anonymous and annoying.

Spam messages often included telephone numbers and web site addresses; however the original advertiser would not be blamed for the intrusion into user’s machines, since they would have outsourced the advertising to a spammer specializing in this space.

Spam traffic, including SMTP traffic accounts for a huge proportion of today’s internet traffic. Worms and robots which gather information for spammers, include traditional spam bots trawling websites for usable email information, however even more sinister are robots which probe thousands of internet connected networks every day, seeking to find open ports to inject advertising messages.

Instant Messaging clients, including MSN, Yahoo, Google, Jabber, etc, have all at one point in time been targets of attack, forcing the owners to tighten up security in order to protect users. Since malware and spyware take advantage of the same Windows Messenger Service and IM ports which allow unwanted advertising to be propagated, much has been achieved with personal firewalls.

Corporate networks will benefit from ensuring that NetBIOS and RPC based ports are locked down, as well as logging IM based traffic. Infesting in intelligent firewalls such as Microsoft’s ISA server and federating the Instant Messaging traffic sent and received, using enterprise IM products, not only greatly reduces IM spam, but offers a level of control not previously possible to the network administrator.

Due to the huge range of Windows Versions available in the world today, messenger spam is still being reported across the globe. Network administrators can protect their users from the Windows Messenger Service attack by ensuring that the service is stopped and disabled in the control panel if not required by the business, as well as installing a firewall capable of blocking this and other kinds of messenger spam attacks.