Vulnerabilities / Threats

9/17/2009
07:50 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft Files Five Lawsuits To Halt Malicious Advertising

In an effort to protect Windows users, Microsoft is suing unidentified scammers for distributing malware through online ads.

Microsoft on Tuesday filed five civil lawsuits in Seattle's King County Superior Court to combat malicious online advertising, or malvertising.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

"These ads then lead to harmful or deceptive content," said Microsoft associate general counsel Tim Cranton, in a blog post. "For example, ads may redirect users to a Web site that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer."

Cranton says that malicious ads can also infect vulnerable computers with Trojan software, which can steal data, hinder operation, or turn computers into zombies, or bots.

Click Forensics, a company that tracks click fraud, on Thursday said that it had discovered a 200,000 computer botnet -- a group of compromised computers harnessed to work in unison -- linked to the Microsoft lawsuits. In a blog post, Steve O'Brien, VP of sales and marketing at Click Forensics called it "one of the most advanced sources of click fraud we've seen."

The botnet, known as the "Bahama botnet" because it at one time directed online traffic through computers in the Bahamas, is believed to be linked to the malicious advertising that appeared on the New York Times Web site several days ago, according to O'Brien.

Although O'Brien suggests that the cyber crime group believed to be responsible is located in Ukraine, Richard Boscovich, senior attorney at Microsoft for Internet safety enforcement, said in a phone interview that it's not clear where the people responsible are located.

In early 2008, Niels Provos, a security engineer at Google, said in a blog post that about 2% of malicious Web sites were distributing malware through advertising, based on an analysis of about 2,000 known advertising networks.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11506
PUBLISHED: 2018-05-28
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer.
CVE-2018-11507
PUBLISHED: 2018-05-28
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp.
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.