News

Microsoft Takes on Malvertising

Microsoft last week filed a civil lawsuit against five companies for allegedly spreading malicious online advertising.

The case centers on the practice of "malvertising," where an online ad directs a user to a Web site with malicious code after being clicked. The defendants named in Microsoft's lawsuit, filed in Seattle's King County Superior Court, include Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC and ote2008.info.

Malvertising typically leads to "scareware," a pop-up notice on a Windows machine telling the user about a security threat. The notice directs the user to download an "antivirus program" that may turn out to be malware.

Microsoft is asking the court to shut down these companies because they allegedly used Microsoft's AdManager service, which filters and conveys ads on Web sites. Redmond contends that the defendants used AdManager as a platform to launch attacks.

The lawsuit is "vitally important because online advertising helps keep the Internet up and running," according to Microsoft's Associate General Counsel Tim Cranton, in a blog post. "It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN."

Cranton added that "fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry" and to those who use such free or low-cost services on the Internet.

Tyler Reguly, a security research engineer at nCircle, wonders if the whole tech ecosystem has gone overboard with monetizing the Internet. Advertisements of all kinds get pushed to make money, so that in the current environment, users can scarcely see a page load without stumbling upon ads. And some of those ads are questionable, even on legitimate sites.

"Malvertising is definitely a growing trend and a dangerous one, but at the same time, I don't know that a civil suit will really accomplish much beyond bringing attention to the issue, but that may be Microsoft's goal," Reguly said.

Microsoft has also tried to protect its ad platform from "click fraud," where ads get clicked repeatedly by a person or program to increase costs for advertisers. The company filed a civil lawsuit over the matter in June. 

While court battles rage on, software security companies remain on the front lines.

"Microsoft has made this a legal issue by bringing action in the courts, but the issue still remains at the core a technical matter," said James Michels, vice president of marketing at security service firm ANXeBusiness. "As cyber crime becomes more sophisticated, the burden falls on security companies to develop and distribute better protection through products and services. And ultimately end-users -- or their IT departments or partners -- are responsible to stay abreast of threats and maintain proper protections."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.