Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/18/2009
10:32 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Microsoft Steps Up To Squash Malicious Advertising Threat

While the move by Microsoft to file five civil lawsuits to help fight malicious online advertisers, the winning bet is probably not going to be on this having a big impact on malicious advertising any time soon. There's just too much money being made.

While the move by Microsoft to file five civil lawsuits to help fight malicious online advertisers, the winning bet is probably not going to be on this having a big impact on malicious advertising any time soon. There's just too much money being made.From Thomas Claburn's report Microsoft Files Five Lawsuits To Halt Malicious Advertising:

Microsoft (NSDQ: MSFT) on Tuesday filed five civil lawsuits in Seattle's King County Superior Court to combat malicious online advertising, or malvertising.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

"These ads then lead to harmful or deceptive content," said Microsoft associate general counsel Tim Cranton, in a blog post. "For example, ads may redirect users to a Web site that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer."

This isn't the first time Microsoft has gone after organizations for allegedly spewing scourge. In fact, in December 2003 Microsoft sued a number of organizations for violations of consumer protection laws in New York and Washington. The spammers were accused of using forged sender names, false subject lines, fake server names, inaccurate and misrepresented sender addresses, or obscured transmission paths.

All of that is still happening today, and probably in much larger numbers than in 2003. Spam has continued to grow because it's profitable. Hard as it is to believe, people, somewhere, are responding to it and they're buying stuff. If they didn't, spam would stop.

And malicious ads that sell so-called scareware is big money. In our post, XP Security 'Scareware' Scams Skyrocketing, from a year ago, we noted that hundreds of thousands of copies of scareware were being sold within days.

More recently, anti-virus maker Panda Security researchers Luis Corrons and Sean-Paul Correll published a study, The Business of Rogueware [.pdf], that estimated online fraudsters are hauling about 34 million a month through such scareware attacks.

So while it's welcomed news, and will no doubt create a level of hassle for some purveyors of malicous advertising and scareware, these cretins will do what they always do -- and that's move their operations out of the reach of US and Western international laws.

Still, this legal move is good news. It makes it clear that these types of scams won't be tolerated, and lawsuits and hopefully prosecutions will be filed whenever possible. And, just like the battle against spam, more people will probably employ technology to help. In this case, the use of ad-blocking software.

Which brings us to one of Microsoft's likely motivations behind this action: a bigger part of their business going forward will rely on online advertising -- and Web users blocking and ignoring advertisements, because they fear scams or malware, just won't be good for business.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
'Unkillable' Android Malware App Continues to Infect Devices Worldwide
Jai Vijayan, Contributing Writer,  4/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Digitized COVID-19 Prevention
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-21034
PUBLISHED: 2020-04-09
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
CVE-2020-1895
PUBLISHED: 2020-04-09
A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128.
CVE-2020-5263
PUBLISHED: 2020-04-09
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the er...
CVE-2020-9499
PUBLISHED: 2020-04-09
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
CVE-2020-9500
PUBLISHED: 2020-04-09
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.