Microsoft Sues Alleged 'Malvertisers' -- Redmondmag.com

Microsoft Sues Alleged 'Malvertisers'

Plus: an SMB flaw stopgap measure; Security Essentials on the release horizon.

By Jabulani Leffall
09/22/2009

You have to be neither Bill Gates nor Perry Mason to know that technology evolves faster than any legal proceeding -- even an open and shut case. Yet and still, in the name of security for the whole tech ecosystem, Redmond has filed lawsuits in Seattle's King County Superior Court against Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC and ote2008.info, claiming that the five groups are separately and collectively responsible for spreading "malvertising."

Malvertising includes everything from popups advertising car insurance and online gaming to fake security notices, or "scareware." The latter often comes in the form of fake Windows security alerts saying there is something wrong with a workstation. Of course, when the user clicks on the link, something will be wrong with the workstation through remote code execution if the proper anti-virus or "whitelist" safeguards aren't in place.

Microsoft is asking the local court to shut down the companies because they allegedly used Redmond's AdManager service, which filters and conveys advertising links on a given Web site. Redmond claims the named companies are using AdManager as a platform to launch attacks.

Redmond is getting more serious about the issue as it fights legal and technological battles against malware and spam. Earlier in the year Redmond's Internet Safety Enforcement Team filed a separate civil lawsuit in the U.S. Federal District Court region that includes Redmond, Washington. In that suit, the company took aim at alleged perpetrators of "click-fraud" schemes,which is similar to phishing in that links for World of Warcraft and discount auto insurance and the like redirected users to malicious content and really had nothing to do with wizards or deductibles.

Redmond Rolls Out SMB Flaw Stopgap
It's not a patch but Microsoft is offering new guidance on a one-time workaround for a previously disclosed Server Message Block 2 vulnerability. An increasingly common server-side vector, SMB is a network protocol embedded in Windows OS components, particularly those involving the Internet. The workaround is for users of SMB products sitting on Vista or Windows Server 2008.

Describing the workaround as a "one-click fix," Redmond added the guidance to its previous security advisory. It is being viewed as a temporary fix until a patch surfaces.

Microsoft said in this blog post, that it wasn't "aware of any in-the-wild exploits or any real-world attacks."

"However, we are aware of exploit code developed by Immunity Inc. and released to customers who subscribe to the CANVAS Early Updates program. We have analyzed the code ourselves and can confirm that it works reliably against 32-bit Windows Vista and Windows Server 2008 systems," the post said.

The caveat on this fix though is that in the absence of a pure patch of the SMB vulnerabilities, there may be more proof-of-concept attack code in the offing later this week, according to open source exploit clearinghouse Metasploit and its security maven HD Moore. Stay tuned.

New AV Software Coming Soon, Microsoft Says
Microsoft is telling users of its Security Essentials anti-virus software suite that the program will soon be available to the public.

Over the weekend Redmond said a new and improved product will ship "in the coming weeks."

In June, Microsoft Security Essentials (MSE) 1.0 was made available to 75,000 testers. Beta testers are urged to upgrade to the newest version to ease the transition.

The highly anticipated if not controversial release comes after Microsoft received plenty of criticism about its software security over the years. Particularly, competitors such as Symantec have said Redmond isn't built for the AV software game, as a whole industry has built up around providing that security at a cost as opposed to what Microsoft is now offering for free.

Security Essentials was formerly known by its code name, "Morro," and will replace Microsoft's free Windows Defender anti-malware, according to an earlier Microsoft blog post.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.