Microsoft Sues Malware Advertising Providers

Microsoft announced on 18 Sept that it has filed lawsuits against five entities that it claims have been spreading “malvertising,” or online advertising used to port malware onto end users’ machines. Microsoft is asking the court to shut down those entities, saying that they used Microsoft’s AdManager service, which lets Website owners manage their own advertising inventory, to launch their attacks.

The lawsuits are just the latest leveled by Microsoft against spreaders of malicious code. Earlier in the summer, Microsoft’s Internet Safety Enforcement Team filed a civil lawsuit in the U.S. District Court for Western Washington against what they described as a massive click-fraud scheme. In that case, the accused individuals had developed click-fraud attacks against online advertisements for auto insurance and World of Warcraft.

In 2009, Microsoft also targeted legal action against a party, Funmobile, which it accused of “spimming,” or spreading links to possibly malicious software through instant messaging. Hong Kong-based Funmobile had apparently been sending instant messages to thousands of Windows Live Messenger users since March 2009.

The 18 Sept filings represent yet another front in the battle. “Our filings in King County Superior Court in Seattle outline how we believe the defendants operated,” Tim Cranton, Microsoft’s associate general counsel, wrote in an official Microsoft blog posting on Sept. 1. “In general, malvertising works by camouflaging malicious code as harmless online advertisements. These ads then lead to harmful or deceptive content.”

Microsoft’s court filings aim at entities using the business names “Soft Solutions,” “Direct Ad,” “qiweroqw.com,” “ITmeter INC” and “ote2008.info,” which Redmond says used malvertising to spread malware and scareware.

“Although we don’t yet know the names of the specific individuals behind these acts,” Cranton continued in the blog posting, “we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits.”

The issue of malvertising became a high-profile one on the weekend of Sept. 12, when visitors to the NYTimes.com Website received pop-up messages warning of a virus and ordering them to install fake anti-virus software. The administrators of the site quickly Twittered a public warning:

“Attn: NYTimes.com Readers: Do not click pop-up box warning about a virus—it’s an unauthorized ad we are working to eliminate.”

Rouge anti-virus software has plagued the Web for years, persuading users to pay for software that either offers no antivirus protection or in fact steals data from their systems. In the April edition of Microsoft’s Security Intelligence Report, officials suggested that, of the top 25 malware or unwanted software “families,” seven had some connection to rogue security software.

In 2008, Microsoft released eight security bulletins for 155 vulnerabilities, a 17 percent increase over 2007.

Cranton offered some tips in his blog posting for end users looking to avoid malvertising. Much of this will seem standard issue to those regularly online:

• “Make sure you’re using legitimate and up-to-date antivirus, firewall and anti-malware/spyware tools.”

• “Be extra cautious about offers to secure or scan your computer with security software or programs you don’t recognise.”

• “Don’t give out personal information or credit card information unless you know the site is secure.”