Microsoft lets spammers throw ads through our Windows

Where will the intrusion end?

Spammers have co-opted an administration feature in Microsoft's Windows operating systems and are using it to bring up intrusive advertisements on internet-connected computers. The feature, known as the messenger service, typically lets a network administrator send warnings to users when, for example, a server is scheduled to go down for maintenance. But now some advertisers are using it to send bulk messages to anyone connected to the internet with an accessible address. Charmaine Gravning, product manager for Windows at Microsoft, said: "Spammers are blindly sending their advertisements by randomly picking a series of internet addresses. On computers without a firewall, a little messenger window pops up." The messenger feature, not to be confused with Microsoft's instant messaging applications, can use many different protocols to send a single message, according to Microsoft. The intrusive messages can appear on any computers running Windows 95, 98, NT, 2000 and XP which are directly connected to the internet via a valid address. Windows systems behind a firewall or attached to a router that links multiple computers to a single internet address will be unaffected. Lawrence Baldwin, president of myNetWatchman.com, which monitors incidents on the internet through a network of sensors set up by volunteers, said: "The feature can be used to notify a user when a printer job fails. It was never the intention to let someone halfway across the world send messages that pop up on your screen." "This is just going to be a whole other delivery vehicle for spam," Baldwin said, adding that the fact the service is turned on by default is another indication that Windows security has a way to go. "But welcome to Microsoft," he said. Robert Lemos writes for News.com