Pop-up Spam is Double Trouble

Written By Anick Jesdanun
ASSOCIATED PRESS

NEW YORK - As if junk e-mail and pop-up ads weren't annoying enough
on their own, now there's a combination.
A developer of bulk-mail software has figured out how to blast
computers with pop-up spam over the Internet through a messaging
function on many Windows operating systems. The function was designed
for use by computer-network technicians to, for instance, warn people
on their systems of a planned shutdown.
The pop-up messages appear on recipients' computers in separate
windows, similar to pop-up ads that appear when a user goes to a Web
site.
But there is a difference: Anyone can send the messages, and
there is no need for the user to have an Internet browser open.
Gary Flynn, a security engineer at James Madison University -
where several messages were received - calls the technique worse than
e-mail spam.
"This pops up on the screen," he said. "It's almost like somebody
barging in your office and interrupting you."
Zoltan Kovacs, founder of the company that makes the new
software, officially condemns spamming, but acknowledges that some
customers buy it for that.
"If some people use it for bad things, they should take their own
responsibility, but it's their own problem," Mr. Kovacs said.
He said his tool can help system administrators send alert
notices to network users more efficiently.
However, his Web site emphasizes the software's advertising and
marketing potential. He said he has sold more than 200 copies since it
was released two months ago at $699.99.
The new spam technique, first reported by Wired.com, is the
latest attempt to bypass the increasingly sophisticated e-mail spam
filters employed by leading Internet-service providers and individual
users.
It also circumvents state and other laws designed to curb junk
e-mail, Mr. Kovacs said.
He said his company is based in Romania. A demo copy of the
software contains a Plantation, Fla., address, but he said that is
old. Mr. Kovacs refused to discuss his location, other than saying he
is in the United States.
In recent weeks, Internet users have reported receiving pop-up
messages such as one advertising university degrees without classes or
books.
Security firm MyNetWatchman.com, which monitors 1,400 computer
networks worldwide, also detected unsolicited connection attempts of
the pattern used by Mr. Kovacs' software, DirectAdvertiser.
Unlike with e-mail, recipients can receive messages only if their
computers are on while the messages are being sent. And the software
can send only text - not images or clickable links such as those found
in pop-up ads and e-mail.
The software itself does not hack into computers. Rather, it uses
the Messenger service that comes turned on by default with many
Windows systems, including 2000 and XP, said Philip Sloss, an
independent security consultant in San Diego.
Messenger, not to be confused with the MSN Messenger
instant-messaging program, is meant for system administrators to
broadcast service notices.
But if a system administrator can use Messenger, so can someone
connecting through the Internet from the outside, said Lawrence
Baldwin, president of MyNetWatchman.com.
Mr. Flynn said hackers might use the technique to persuade users
to change their passwords or otherwise compromise security.
The DirectAdvertiser software finds Messenger-enabled computers
by running through ranges of numeric Internet Protocol addresses used
to identify computers on the Internet.
The software, however, may not work if a computer is behind a
security firewall or if multiple computers share the same numeric
address using a traffic router.
The pop-up messages it sends are much more difficult to trace -
and thus block - than e-mail spam, Mr. Baldwin said. The software's
Web site says the messages are "completely anonymous and virtually
untraceable," which he confirms.
Users can disable Messenger through their operating system's
control panel, although doing so could interfere with some anti-virus
and other applications that send such messages. Mr. Kovacs even
provides instructions on his Web site.
Mr. Kovacs said his software can send more than 10,000 messages
an hour through high-speed cable modems and DSL connections. Using a
more expensive T1 line increases the capacity threefold.
Mr. Kovacs, who refused to disclose his customers, said he has
heard from people wishing to buy the software as well as those wishing
to turn off the Messenger functions. Every few days, an irate caller
addresses him "using bad words."
"We just hang up the phone," he said.