Microsoft Lawsuit Shows Malicious Advertising a Growing Issue

 
 
By Nicholas Kolakowski  |  Posted 2009-09-19 Email Print this article Print
 
 
 
 
 
 
 

Microsoft is suing five online entities and the individuals behind them for spreading "malvertising," or online advertising that delivers malware. As demonstrated by a September attack on The New York Times Website, malicious online advertising represents a persistent and increasingly high-profile problem for businesses and consumers.

Microsoft announced on Sept. 18 that it has filed lawsuits against five entities that it claims have been spreading "malvertising," or online advertising used to port malware onto end users' machines. Microsoft is asking the court to shut down those entities, saying that they used Microsoft's AdManager service, which lets Website owners manage their own advertising inventory, to launch their attacks.

The lawsuits are just the latest leveled by Microsoft against spreaders of malicious code. Earlier in the summer, Microsoft's Internet Safety Enforcement Team filed a civil lawsuit in the U.S. District Court for Western Washington against what they described as a massive click-fraud scheme. In that case, the accused individuals had developed click-fraud attacks against online advertisements for auto insurance and World of Warcraft.

In 2009, Microsoft also targeted legal action against a party, Funmobile, which it accused of "spimming," or spreading links to possibly malicious software through instant messaging. Hong Kong-based Funmobile had apparently been sending instant messages to thousands of Windows Live Messenger users since March 2009.

The Sept. 18 filings represent yet another front in the battle.

"Our filings in King County Superior Court in Seattle outline how we believe the defendants operated," Tim Cranton, Microsoft's associate general counsel, wrote in an official Microsoft blog posting on Sept. 1. "In general, malvertising works by camouflaging malicious code as harmless online advertisements. These ads then lead to harmful or deceptive content." 

Microsoft's court filings aim at entities using the business names "Soft Solutions," "Direct Ad," "qiweroqw.com," "ITmeter INC" and "ote2008.info," which Redmond says used malvertising to spread malware and scareware.

"Although we don't yet know the names of the specific individuals behind these acts," Cranton continued in the blog posting, "we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits."

The issue of malvertising became a high-profile one on the weekend of Sept. 12, when visitors to the NYTimes.com Website received pop-up messages warning of a virus and ordering them to install fake anti-virus software. The administrators of the site quickly Twittered a public warning:

"Attn: NYTimes.com Readers: Do not click pop-up box warning about a virus-it's an unauthorized ad we are working to eliminate."

Rogue anti-virus software has plagued the Web for years, persuading users to pay for software that either offers no antivirus protection or in fact steals data from their systems. In the April edition of Microsoft's Security Intelligence Report, officials suggested that, of the top 25 malware or unwanted software "families," seven had some connection to rogue security software.

In 2008, Microsoft released eight security bulletins for 155 vulnerabilities, a 17 percent increase over 2007.

Cranton offered some tips in his blog posting for end users looking to avoid malvertising. Much of this will seem standard issue to those regularly online:

  • "Make sure you're using legitimate and up-to-date antivirus, firewall and anti-malware/spyware tools."

  • "Be extra cautious about offers to secure or scan your computer with security software or programs you don't recognize."
  • "Don't give out personal information or credit card information unless you know the site is secure."
 


 
 
 
 
Nicholas Kolakowski is a staff editor at eWEEK, covering Microsoft and other companies in the enterprise space, as well as evolving technology such as tablet PCs. His work has appeared in The Washington Post, Playboy, WebMD, AARP the Magazine, AutoWeek, Washington City Paper, Trader Monthly, and Private Air. He lives in Brooklyn, New York.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel