NOW SpinRite 6.1 – Fast and useful for spinning and solid state mass storage!

Windows Messenger Spam Elimination Freeware
by Steve Gibson,  Gibson Research Corporation.

Page last modified: Dec 17, 2005 at 17:24Developed by Steve Gibson

In addition to being a security risk, Windows'
"Messenger Service" is being used to "Spam"
Windows users across the Internet.

This 22 kbyte "Shoot The Messenger" utility gives users
immediate control over the Windows Messenger service.

File stats for: Shoot The Messengerfile download  freeware page
Last Updated:
Size: 22k
Apr 26, 2003 at 07:52
(7,760.89 days ago)
Downloads/day: 8
Total downloads: 2,449,066
Current Rank: 17
Historical Rank: 8

The Latest Spam Technology

The Windows "Messenger Service" is being exploited to spray the Internet with unsolicited commercial eMail. The receipt of a single UDP packet can cause a "Messenger Service" dialog to pop-up on the user's screen. It is possible for the sender to "spoof" (falsify) the packet's "Source IP", making these packets impossible to trace back to their origin. If our experience with eMail Spam is any model, we can expect to see a lot more of this in the future.

 Wired News: Spam Masquerades as Admin Alerts

Bad Company: These sample home pages give you a good idea what's going on, and just how bad it's likely to become:  — Now defunct, yay!  — Now defunct, yay!

Windows Messenger Service

The first thing to understand is that the Windows Messenger Service is completely different from, and not in any way related to, "MSN Messenger", "Windows Messenger", or any other well-known instant messaging system. Therefore, disabling the Windows Messenger service will have no effect upon your use of any other instant messaging applications. They will continue to work without trouble.

If you ever see legitimate pop-up warnings or announcements with the phrase "Messenger Service" in the title bar, you might have an application running in your system that relies upon the built-in Messenger Service for the delivery of its information. But every application we know of displays its own pop-up alert dialogs, and we're not aware of any programs that rely upon the Messenger Service. It's just a theoretical possibility. If it turns out that you do need to have the Messenger Service running, "Shoot The Messenger" will easily re-enable and start the service.

What is the Messenger Service?

Starting back with Windows NT, and carried forward into all subsequent operating systems, Microsoft included a simple way for users on a network to send each other short "pop-up" messages. Network administrators might have used it to notify everyone of system-wide events. It was a nice idea, though in its original form it never caught on widely. There is a standard command line program "Net Send", that can be used to generate these messages, and there's also a GUI (Graphical User Interface) application to do the same.

If you're curious to see the graphical interface: On Windows 2000 or XP, right-click on "My Computer"/"Manage". Then under "System Tools" right-click on "Shared Folders". Choose "All Tasks" and finally "Send Console Message..."

You probably didn't know any of that was there, and neither do most people. It's a never-used feature that has been replaced by the various well known, popular, and feature-rich instant messaging systems. But, like a great many other "legacy" features of Windows, since it was once included, it survives in case anyone who once used it might still need it.

Several considerations make this something of a problem:

For network messages to be received, the receiving machine must open a port to actively listen for incoming network packets. That means that an Internet server must be running in the computer to service the incoming messages. The entire industry is still learning the hard way — with Code Red, Nimda, SQL Slammer, and the never exploited (yet) UPnP vulnerability — that leaving unneeded and non-maintained open servers running on the Internet is a bad and dangerous practice. Yet this has been Microsoft's continuing practice. What's worse is that, out of the box, Windows does this to end-user consumer machines.

The Messenger Service is another example of an Internet server that is running, by default, in all versions of Windows from NT through XP. It's a bad idea.
Even if some group of users on a local area network (LAN) were using the built-in Messenger Service to send short notes and alerts to each other, it's a good bet that no one ever intended for it to be used out on the wide area Internet network (WAN). The fact that the Messenger Service "went global" as Windows-based personal computers were put onto the Internet was probably an accident of history and an oversight by Microsoft. Or perhaps Microsoft just didn't care. Either way, it's a good bet that no typical Internet end user who knows what's going on needs or wants to have it running.
Since the first release of Windows 1.0, people have never stopped complaining about how slow and resource-hungry Windows is to boot and operate. It's things like leaving unneeded, unwanted, and never used services running — exactly like Windows Messenger — that tie up RAM, burn CPU cycles, and consume other system resources. It adds up to slowing everything down.

Turning off unneeded services and not running unnecessary programs is always a good idea.

As you can probably see . . .

Even if your Windows 2000 or XP machine is safe
behind a personal firewall or NAT router, shutting
down the Messenger Service is a good idea.

Introducing "Shoot The Messenger"

Shoot The Messenger allows any Windows
NT/2000/XP user to easily stop and disable
the unnecessary Messenger Service running
in their machines.

Click this link, or the image above, to download our
22k byte "Shoot The Messenger" utility program.

Shooting The Messenger

Download and run our small (22 kbyte) "ShootTheMessenger.exe" utility. It will display the current status of your system's Messenger Service. The button near the bottom of its window will allow you to set the service to whichever state — running or disabled — that you desire.

If, for any reason, you should ever choose to re-enable the Windows Messenger Service, simply re-run ShootTheMessenger to do so.

ShootTheMessenger supports two command line convenience options which can be useful for operation from corporate logon scripts or batch command files:

ShootTheMessenger disable

ShootTheMessenger enable

Demonstrating and Testing Messenger Spam

The recent major upgrade to our ShieldsUP! services has incorporated the ability to have us send your machine a few simple and harmless "Messenger Spam" pop-up notes. You can use this facility to see these Messenger Service pop-ups for yourself if you don't usually, because your system is behind a personal firewall or NAT router. And to verify that they are no longer received once you have successfully disabled Windows' built-in Messenger Service. Please see the "Messenger Spam" section of our ShieldsUP! Services to perform these tests.

That's all there is to it. It's simple, straightforward, and highly recommended for every user of Windows 2000 and XP.

I hope you will find "ShootTheMessenger" to be a useful and reliable addition to your personal collection of software utilities. Please feel free to share this program with your family and friends. We know of no one who needs to, or should be, running the Messenger Service . . . but as you have seen, unless and until it is deliberately stopped and disabled, everyone is running it needlessly.

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page

Last Edit: Dec 17, 2005 at 17:24 (6,794.50 days ago)Viewed 69 times per day