News

Microsoft Takes on Malvertising

Microsoft last week filed a civil lawsuit against five companies for allegedly spreading malicious online advertising.

The case centers on the practice of "malvertising," where an online ad directs a user to a Web site with malicious code after being clicked. The defendants named in Microsoft's lawsuit, filed in Seattle's King County Superior Court, include Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC and ote2008.info.

Malvertising typically leads to "scareware," a pop-up notice on a Windows machine telling the user about a security threat. The notice directs the user to download an "antivirus program" that may turn out to be malware.

Microsoft is asking the court to shut down these companies because they allegedly used Microsoft's AdManager service, which filters and conveys ads on Web sites. Redmond contends that the defendants used AdManager as a platform to launch attacks.

The lawsuit is "vitally important because online advertising helps keep the Internet up and running," according to Microsoft's Associate General Counsel Tim Cranton, in a blog post. "It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN."

Cranton added that "fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry" and to those who use such free or low-cost services on the Internet.

Tyler Reguly, a security research engineer at nCircle, wonders if the whole tech ecosystem has gone overboard with monetizing the Internet. Advertisements of all kinds get pushed to make money, so that in the current environment, users can scarcely see a page load without stumbling upon ads. And some of those ads are questionable, even on legitimate sites.

"Malvertising is definitely a growing trend and a dangerous one, but at the same time, I don't know that a civil suit will really accomplish much beyond bringing attention to the issue, but that may be Microsoft's goal," Reguly said.

Microsoft has also tried to protect its ad platform from "click fraud," where ads get clicked repeatedly by a person or program to increase costs for advertisers. The company filed a civil lawsuit over the matter in June. 

While court battles rage on, software security companies remain on the front lines.

"Microsoft has made this a legal issue by bringing action in the courts, but the issue still remains at the core a technical matter," said James Michels, vice president of marketing at security service firm ANXeBusiness. "As cyber crime becomes more sophisticated, the burden falls on security companies to develop and distribute better protection through products and services. And ultimately end-users -- or their IT departments or partners -- are responsible to stay abreast of threats and maintain proper protections."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

  • Microsoft Open License To End Next Year for Government and Education Groups

    Microsoft's "Open License program" will end on Jan. 1, 2022, and not just for commercial customers, but also for government, education and nonprofit organizations.

comments powered by Disqus