Freigeben über

Bad Ad: Going After The Malvertising Threat

  • Artikel

Posted by Tim Cranton 
Associate General Counsel

Today, Microsoft filed five civil lawsuits, the first of their kind against a nasty phenomenon known as malvertising. That’s the industry term for malicious online advertising. Microsoft works with the other leading providers of online ad platforms to mitigate the threat posed by malvertising, but we’re now taking that effort a step further.

Our filings in King County Superior Court in Seattle outline how we believe the defendants operated, but in general, malvertising works by camouflaging malicious code as harmless online advertisements. These ads then lead to harmful or deceptive content. For example, ads may redirect users to a website that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer. Malvertising may also directly infect a victim’s computer with malicious software like Trojans – programs that can damage data, steal personal information or even bring the users’ computer under the control of a remote operator.

The lawsuits allege that individuals using the business names “Soft Solutions,” “Direct Ad,” “qiweroqw.com,” “ITmeter INC.” and “ote2008.info” used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users. Although we don’t yet know the names of the specific individuals behind these acts, we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits.

We hope that today’s filings will help deter malvertising in the future, but meanwhile, adopting a few good habits can help you avoid online scams and ensure the safest computing experience possible:

  • Make sure you’re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
  • Be extra cautious about offers to secure or scan your computer with security software or programs you don’t recognize.
  • Don’t give out personal information or credit card information unless you know the site is secure.

Microsoft works vigilantly, using both technology and the law, to fight illegal activity that undermines people’s trust in the Internet and online services. Today’s filings build on other recent actions we’ve taken againstclick fraud and instant messaging spam (aka “spim”).

This work is vitally important because online advertising helps keep the Internet up and running. It’s the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN. Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and for all consumers and businesses that rely on these free services.

We’ve posted copies of our court filings online:

• Microsoft Corp. and Microsoft Online Inc. v. John Does 1-20, d/b/a DirectAd Solutions: King Co. Superior Court Cause No. 09-2-34024-2 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a Soft Solutions, Inc. King Co. Superior Court Cause No. 09-2-34021-8 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a qiweroqw.com: King Co. Superior Court Cause No. 09-2-34020-0 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a ote2008.info: King Co. Superior Court Cause No. 09-2-34022-6 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a ITmeter Inc. : King Co. Superior Court Cause No. 09-2-34023-4 SEA

We’ll continue to blog about efforts to find and fight cybercrime in all its forms. In the meantime, the Microsoft Advertising team has also posted some additional thoughts on this issue on its blog. And as always, please visit https://www.microsoft.com/protect for more information about staying safe online.

Comments

  • Anonymous
    July 08, 2010
    The world was created by a single thought!  Nurkun dot com

  • Anonymous
    July 09, 2010
    Thanks for the above.  The first and last two PDF files is not opening.  Please re-upload? Thanks!

  • Anonymous
    July 09, 2010
    Excellent. Looking forward to seeing how this pans out.

  • Anonymous
    July 09, 2010
    Another "company" doing this is called RegTool, and I unwittingly subscribed to one of their services. I have paid for it and do not care about the money ($36.95) but I cannot get them out of my computer. I have had four different Microsoft technicians trying to no avail, and I am at my wit's end. They are predators, and even the service I paid for was sold fraudulently as nothing in it will work unless I purchase something else. These people should be in prison, not in my computer! I hope Microsoft will also take them to court.  Thanks for listening.

  • Anonymous
    July 09, 2010
    AWESOME!!  Clash of the Titans!  Evil battles evil!!  Stay tuned for action!    Hey, Microsoft.  If you stopped your marketing efforts, stopped the embrace-extend-extinguish, stopped the bogus research of "open source", you might find time to actually secure your operating systems.    Yeah, Win7 is the most secure operating system EVAH!!  Give it a few months....  Still got ActiveX???

  • Anonymous
    July 09, 2010
    Jeannette Mulvaney - google Trinity Rescue Kit.  Linux is capable of rescuing broken Windows installations.  Since you were capable of posting a coherent problem, I'll assume that you are capable of reading directions, then entering a few commands in a terminal.  Trinity is easy - give it a try.

  • Anonymous
    July 09, 2010
    I seriously hope Microsoft wins this battle, alltough they serve the biggest malware themselves (ActiveX)

  • Anonymous
    July 09, 2010
    While I applaud MS for doing this, I have to ask ( since the judge will ) what standing does MS have to do this?  

  • Anonymous
    July 09, 2010
    i spent the morning trying to remove "Total Security" from my girlfriend's PC.     for the sake of PC users everywhere, i hope MSFT nails these guys and they go to jail. here's my rant + instructions on how to remove the program:    www.scribemedia.org/.../malware-scareware

  • Anonymous
    July 09, 2010
    Why not go after the money trail to find these guys. Create a tracing purchase and follow the money trail through the credit cards companies into the criminal's bank accounts.    You have agree that these criminals are breaking their use-agreements with the credit card companies by committing criminal consumer fraud.  The credit card companies can shut these down anytime they want if they are indentified.

  • Anonymous
    July 09, 2010
    The comment has been removed

  • Anonymous
    July 09, 2010
    The comment has been removed

  • Anonymous
    July 09, 2010
    These people should be in prison, not in my computer! I hope Microsoft will also take them to court.

  • Anonymous
    July 09, 2010
    I'm glad you wrote this. From the American perspective it seems so black and white.

  • Anonymous
    July 09, 2010
    These people should be in prison, not in my computer! I hope Microsoft will also take them to court.