“Before Walter Pomerleau could surf the Web recently, he had to fight a new kind of pop-up ad sweeping across the Internet,” Byron Acohido reports for USA TODAY. “The retired Massachusetts State Police major had to cancel 30 pop-up text boxes, each one directing him to Web pages to buy products and services. Later, as Pomerleau tried to compose e-mail, he had to delete 15 more pop-up boxes that kept superimposing in front of his e-mail. ‘They were more than annoying,’ he says. ‘They drove me crazy.’ Pomerleau fell victim to advertisers who are increasingly taking advantage of a feature, Windows messenger service, built into PCs using the Microsoft Windows 2000 and XP operating systems. This includes all Windows PCs sold in the past two years.”
Acohido explains that the Windows “feature” was intended to allow network administrators to broadcast text alerts via pop-up boxes to groups of computer users in a corporate setting. But, hackers discovered this “feature” will also accept pop-up boxes broadcast across the Internet. This means that advertisers can insert product pitches into such boxes and broadcast them to any Web-connected Windows XP or 2000 personal computer.
“‘It has gotten to the point where the home PC user has to battle for control of his PC,’ says Jeremiah Grossman, president of WhiteHat Security… Microsoft views pop-up boxes as a benign nuisance that does ‘not pose a security risk,’ says Greg Sullivan, product manager for Windows. Advertisers are unable to ‘execute code or do anything malicious,’ Sullivan says. ‘It does nothing to compromise your system other than cause an interruption,'” Acohido reports.
Macintosh users are unaffected.
Full article here.