Check or Attack Name: messenger

The messenger service was detected as running. The Windows NT messenger service lets a user send pop-up messages to other users.

A network administrator may consider this ability as an unnecessary risk because these types of services have been used in social engineering attacks. Some users may respond to a request to change their password, create a share, or otherwise open holes in the network. A side effect of running this service is that it causes the current user name to be broadcasted in the NetBIOS name table, giving an attacker a valid user name to use in brute force attempts.

Disable the Messenger service.

To stop or disable a service in Windows NT, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Service.
2. Select the service.
3. Click Stop.
4. When the service has stopped, click Startup.
5. Choose one of these options:
• To permanently disable the service, click Disabled.
• To turn the service off unless manually activated by the user or a program, click Manual.
6. Click OK, then click Close.