News

Microsoft Takes on Malvertising

Microsoft last week filed a civil lawsuit against five companies for allegedly spreading malicious online advertising.

The case centers on the practice of "malvertising," where an online ad directs a user to a Web site with malicious code after being clicked. The defendants named in Microsoft's lawsuit, filed in Seattle's King County Superior Court, include Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC and ote2008.info.

Malvertising typically leads to "scareware," a pop-up notice on a Windows machine telling the user about a security threat. The notice directs the user to download an "antivirus program" that may turn out to be malware.

Microsoft is asking the court to shut down these companies because they allegedly used Microsoft's AdManager service, which filters and conveys ads on Web sites. Redmond contends that the defendants used AdManager as a platform to launch attacks.

The lawsuit is "vitally important because online advertising helps keep the Internet up and running," according to Microsoft's Associate General Counsel Tim Cranton, in a blog post. "It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN."

Cranton added that "fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry" and to those who use such free or low-cost services on the Internet.

Tyler Reguly, a security research engineer at nCircle, wonders if the whole tech ecosystem has gone overboard with monetizing the Internet. Advertisements of all kinds get pushed to make money, so that in the current environment, users can scarcely see a page load without stumbling upon ads. And some of those ads are questionable, even on legitimate sites.

"Malvertising is definitely a growing trend and a dangerous one, but at the same time, I don't know that a civil suit will really accomplish much beyond bringing attention to the issue, but that may be Microsoft's goal," Reguly said.

Microsoft has also tried to protect its ad platform from "click fraud," where ads get clicked repeatedly by a person or program to increase costs for advertisers. The company filed a civil lawsuit over the matter in June. 

While court battles rage on, software security companies remain on the front lines.

"Microsoft has made this a legal issue by bringing action in the courts, but the issue still remains at the core a technical matter," said James Michels, vice president of marketing at security service firm ANXeBusiness. "As cyber crime becomes more sophisticated, the burden falls on security companies to develop and distribute better protection through products and services. And ultimately end-users -- or their IT departments or partners -- are responsible to stay abreast of threats and maintain proper protections."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.