Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/18/2009
10:32 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Microsoft Steps Up To Squash Malicious Advertising Threat

While the move by Microsoft to file five civil lawsuits to help fight malicious online advertisers, the winning bet is probably not going to be on this having a big impact on malicious advertising any time soon. There's just too much money being made.

While the move by Microsoft to file five civil lawsuits to help fight malicious online advertisers, the winning bet is probably not going to be on this having a big impact on malicious advertising any time soon. There's just too much money being made.From Thomas Claburn's report Microsoft Files Five Lawsuits To Halt Malicious Advertising:

Microsoft (NSDQ: MSFT) on Tuesday filed five civil lawsuits in Seattle's King County Superior Court to combat malicious online advertising, or malvertising.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

"These ads then lead to harmful or deceptive content," said Microsoft associate general counsel Tim Cranton, in a blog post. "For example, ads may redirect users to a Web site that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer."

This isn't the first time Microsoft has gone after organizations for allegedly spewing scourge. In fact, in December 2003 Microsoft sued a number of organizations for violations of consumer protection laws in New York and Washington. The spammers were accused of using forged sender names, false subject lines, fake server names, inaccurate and misrepresented sender addresses, or obscured transmission paths.

All of that is still happening today, and probably in much larger numbers than in 2003. Spam has continued to grow because it's profitable. Hard as it is to believe, people, somewhere, are responding to it and they're buying stuff. If they didn't, spam would stop.

And malicious ads that sell so-called scareware is big money. In our post, XP Security 'Scareware' Scams Skyrocketing, from a year ago, we noted that hundreds of thousands of copies of scareware were being sold within days.

More recently, anti-virus maker Panda Security researchers Luis Corrons and Sean-Paul Correll published a study, The Business of Rogueware [.pdf], that estimated online fraudsters are hauling about 34 million a month through such scareware attacks.

So while it's welcomed news, and will no doubt create a level of hassle for some purveyors of malicous advertising and scareware, these cretins will do what they always do -- and that's move their operations out of the reach of US and Western international laws.

Still, this legal move is good news. It makes it clear that these types of scams won't be tolerated, and lawsuits and hopefully prosecutions will be filed whenever possible. And, just like the battle against spam, more people will probably employ technology to help. In this case, the use of ad-blocking software.

Which brings us to one of Microsoft's likely motivations behind this action: a bigger part of their business going forward will rely on online advertising -- and Web users blocking and ignoring advertisements, because they fear scams or malware, just won't be good for business.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16145
PUBLISHED: 2020-08-12
Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document.
CVE-2020-16266
PUBLISHED: 2020-08-12
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CS...
CVE-2020-17372
PUBLISHED: 2020-08-12
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
CVE-2020-17373
PUBLISHED: 2020-08-12
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
CVE-2020-6932
PUBLISHED: 2020-08-12
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.