Black Viper
Oct 19 2002

This is due to spammers exploiting a feature that has been in Windows since Windows NT 3.5, but not in Windows 95, 98, or Me. It is called the “net send” command. This has nothing to do with MSN Messenger, nor is it “WinPopUp.”

Spammers have begun to target this “feature” because people are beginning to adopt operating systems built on NT, such as XP. Previously, the unrequested popups were not a problem because so few people were running an OS that supported it.

To test for this security vulnerability, open a command prompt (run: cmd.exe) and type:

net send 127.0.0.1 hi

If you get a popup “hi” message, you should disable the Messenger service.

How to change the state of a service is here.

If you get an error stating, “The message alias could not be found on the network,” you are safe.

If, for whatever reason, you need the Messenger service running but do not want the spam popups, you can block the relevant ports at your firewall. The Messenger service uses UDP ports 135, 137, and 138; TCP ports 135, 139, and 445.
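To see which of those ports a machine actually has open before writing firewall rules, the following added example (not from the original article) scans `netstat -an` output for listeners on the ports listed above. The sample output is constructed, and the column layout it parses is an assumption based on the usual Windows `netstat -an` format.

```python
# Added example: flag listeners on the ports the article lists for the Messenger service.
MESSENGER_PORTS = {"UDP": {135, 137, 138}, "TCP": {135, 139, 445}}

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:500            *:*
  UDP    127.0.0.1:123          *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""


def exposed_messenger_ports(netstat_text):
    """Return sorted (proto, address, port) tuples for network-reachable listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in MESSENGER_PORTS:
            continue  # banner, header, or a protocol we do not track
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # TCP rows count only when LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        address, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        # Loopback-only sockets cannot be reached from the network.
        if address.startswith("127.") or address == "[::1]":
            continue
        if int(port) in MESSENGER_PORTS[proto]:
            findings.add((proto, address, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for proto, address, port in exposed_messenger_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} listening on {address}: block at the firewall")
```

These ports are shared with RPC, NetBIOS and SMB file sharing, so a listener here does not by itself prove the Messenger service is running, and blocking them also blocks those services from outside the firewall.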