September 17, 2009 3:48 PM PDT

Microsoft sues over malicious online ads

by Ina Fried

Aiming to crack down on a growing problem, Microsoft said it filed five lawsuits Thursday against parties it suspects of posting online advertisements laden with malicious code.

Microsoft has tried to work with ad networks to thwart such "malvertising" in the past, but this is the first time it has gone to court.

"Our filings in King County Superior Court in Seattle outline how we believe the defendants operated, but in general, malvertising works by camouflaging malicious code as harmless online advertisements," Microsoft Associate General Counsel Tim Cranton said in a blog posting.

In each case, Microsoft is suing the unknown parties responsible for the ads.

"Although we don't yet know the names of the specific individuals behind these acts, we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits," Cranton said.

In the past week, The New York Times' Web site was hit with a rogue advertisement that told readers that their computer may be infected with a virus and redirected them to a site that purports to offer antivirus software.

"Scareware is often distributed among criminals, which therefore results in many of the animations a user may see utilizing a common design and interface," a Microsoft representative told CNET News. "However, without additional information and specific details about the attacks, we cannot be certain that any of today's filings directly relate to the attacks on The New York Times' Web site."

Microsoft likened the latest lawsuits to prior legal action that it has taken against those suspected of click fraud or instant messaging spam.

"This work is vitally important because online advertising helps keep the Internet up and running," Cranton said. "It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo, and MSN. Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and for all consumers and businesses that rely on these free services."

During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft.

Showing 1 of 2 pages (59 Comments)
by Pete Bardo September 17, 2009 4:19 PM PDT
Usually when I hear "lawsuit" and "Microsoft" in the same sentence I think to myself, "meh". But this is different. It's amazing that MS has to go after these people as a civil matter when the act is clearly criminal. Those web sites don't sell anti-virus software, they install viruses. Some of those viruses have been the hardest to remove once infected.

Where are the internet police when you need them?
by Random_Walk September 18, 2009 6:14 AM PDT
"Those web sites don't sell anti-virus software, they install viruses. Some of those viruses have been the hardest to remove once infected."

...for some odd reason, "Symantec" kept coming to mind, and not as any sort of cure...
by rapier1 September 18, 2009 8:16 AM PDT
Microsoft cannot bring criminal charges - that power is restricted to the state. It can certainly suggest that criminal charges be pursued but it's just not something it can do on its own.
by TotallyMadeUpName September 18, 2009 9:22 AM PDT
I think that's the point. Why aren't the authorities vigorously pursuing these cases?
by BrendanK September 18, 2009 11:38 AM PDT
The authorities probably are pursuing these cases, they've just got a LOT of cases of this type to pursue. By filing a lawsuit, MS can bring to bear private investigative and legal forces.
Plus civil and criminal cases have different standards of proof, meaning that even if the guilty party can avoid criminal prosecution with reasonable doubt, they might still be vulnerable to having everything they own be taken away in a lawsuit.
by tacit September 18, 2009 1:47 PM PDT
The authorities do pursue these cases; in fact, I'm aware personally of several ongoing criminal investigations related to this kind of malware.

The problem, and the thing that will likely prevent Microsoft from succeeding, is that nearly all the criminals operate in Russia or elsewhere in Eastern Europe. US law can't touch them; there are no extradition treaties between here and there. And law enforcement is lax in many parts of Eastern Europe even on the rare occasions where there are laws in place to prevent this kind of thing.
by mistasandman September 17, 2009 4:38 PM PDT
This is a problem I'm starting to see more and more of... it's high time something was done about it.
by Chapmaniac September 17, 2009 4:44 PM PDT
I spend a good deal of my time as an IT support person dealing with things like "Antivirus Pro 2010" and I applaud Microsoft's efforts.
by boofuu September 18, 2009 12:11 PM PDT
I second that applause. Good for you, Microsoft!
by EdCenter September 17, 2009 5:16 PM PDT
I think this is one of the ways Microsoft can improve their image that the Linux community cannot compete in. Although Linux can harp about how their software is better, Microsoft can fight for their users with lawsuits like these (as they have the capital to do so). Imagine if Microsoft, with their size, aggressively sued email spammers. Not only would this cut down on their Hotmail volume, but it'll also improve their public image.
Or they can just let this lawsuit episode be a footnote in their history and continue being known as M$.
by Random_Walk September 18, 2009 6:16 AM PDT
"I think this is one of the ways Microsoft can improve their image that the Linux community cannot compete in. "

Yeah... if only the Linux community were even 1/100000th as beset by viruses.

Oh, well - can't win them all, I guess.
by Benf September 18, 2009 8:51 AM PDT
Random_Walk: The reason that Linux has 1/100000 less viruses is because Linux has 1/1000000 less people using it, remember, there are more people beta testing Window$ 7 in the US than use Linux in the entire world.
by renGek September 18, 2009 9:44 AM PDT
I hate people's attitude of "this isn't my concern because it hasn't happened to me". In every walk of life this happens, be it computers or health and disease. People reacted the same way to HIV. I'm not at risk so why should I care. Because eventually it WILL affect you. And by then it may be too late for you to do anything.

People are so complacent and narrow minded. I encountered 2 linux users out of 200,000 (about 5% of those are mac, the rest are windows) that I have had dealings with. Those 2 are the most obnoxious and have the most god complex out of the 200,000, followed by a few almost as annoying mac users and then a couple of windows users who have no clue.
by pd2care September 18, 2009 11:01 AM PDT
I agree with renGek on this one. The more people who think they are invulnerable to these attacks b/c they are using a MAC or Linux are just plain ignorant. The malware will get you and if you're not prepared you're going to end up up the proverbial creek without a paddle. I agree too that these MAC/Linux users have this God complex about them, thinking that their system is soooo much better than a Windows PC and they don't ever have to worry about these sorts of attacks. BS

It's good to see Microsoft trying to pursue these a**hole Hackers who are causing so much grief for people who just want to use a computer to stay connected with other people. Their only purpose is to cause chaos and these type of people need to be stopped. I'm wondering when someone with enough smarts and resources is going to turn around and completely turn the tables on them. Attack them, find out where these a**holes are hiding, (probably their mother's basements) and completely f them up. It's gotten to the point where people need to start stepping up and being more proactive in this sort of fight. Having a half dozen Anti-Virus programs on your computer isn't going to prevent all the incoming attacks. We need to start attacking the attackers.
Sorry for the rant but that's one thing that really pisses me off: HACKERS.
by Random_Walk September 18, 2009 11:17 AM PDT
"The reason that Linux has 1/100000 less viruses is because Linux has 1/1000000 less people using it"

So you can explain why the old MacOS was a virus-ridden pile of crap in spite of its even smaller marketshare, then?

...or maybe you can explain why IIS gets popped far more often than Apache (note that I'm not talking scripting languages here, but the services) - after all, Apache has a larger marketshare for web servers.

--

"I hate people's attitude of "this isn't my concern because it hasn't happened to me"

Actually mine is more like "this isn't my concern because I actually use my brain when I'm online."

"I encountered 2 linux users out of 200,000"

You actually met 200k human beings and know what computers they run and/or prefer? Wow - I've seen unsupported assertions that have been obviously pulled out from unmentionable places before, but that one really ranks up there.
by Dalkorian September 18, 2009 12:13 PM PDT
Apparently Benf only knows about desktop computers and never heard the words "server" or "world wide web" before.
by cp256 September 19, 2009 9:06 AM PDT
Linux and unix users tend to be more attuned to the nuts and bolts of the OS (but that's slowly changing with linux) and the occasionally found holes usually get patched fairly quickly by the open source community. Something that I have seen on the rise with unix servers (I don't use linux, but I think those are the most common targets actually) are PHP and login attacks via SSH and FTP. Some PHP installations are horribly insecure and have enough hooks into the OS for an intruder to be able to use it as a virtual shell account on the box. I monitor all my server and firewall logs daily and while dictionary login attacks have held steady over the past couple of years, virtual web server hosted account attacks are on the rise. Their latest trick is to try some form of the hostname as a username and password. I have a growing list of over 1,200 bogus and non-human usernames that the would-be intruders have tried and keep trying that are automatically distributed to each of my servers that have a homegrown auth log monitor running. One failure on any of those names and the offending IP address is automatically firewalled from being able to reach any of my boxes so I don't have to bother with 5,000 log lines of failed dictionary attempts. In 14 years I've only had two exploiters actually get to a shell prompt and they didn't last long at all. One of them had the audacity to send me a message that I couldn't keep him out of the box and that was the last thing he ever did on one of my machines. Now I'm sure that someone exceedingly good at it could get into one of my boxes one way or another, but it wouldn't be for long because I am insanely diligent about security and what all my boxes are doing 24/7. I ALWAYS sleep with a network monitoring notebook next to my bed that raises hell if anything the least bit unusual happens, even on my IRC servers. I'm never very far for very long from a machine that is watching the network.
I'm not paranoid because someone IS trying to break into my network at any given time and I have the daily logs to prove it.

The bottom line is that NO OS is safe from someone who wants to use it for their own purposes and no matter how good you are, there is someone out there who is better. To believe anything else in this day and age is suicidal.
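
The auth-log check described in the comment above, sketched as an added example (it is not part of the original comment and is not cp256's monitor): a single failed login against a decoy username, or against a form of the host name, puts the source address on a block list. The OpenSSH "Failed password" line format is assumed; the function names, decoy names, host name, addresses and log lines are all constructed for illustration, and applying the resulting list to a firewall is left to the deployment.

```python
import ipaddress
import re

# OpenSSH "Failed password" line. The username is free-form text sent by the
# client, so the pattern is anchored at the end of the line and the greedy
# user group makes the final "from <ip> port <n> ssh2" the one that counts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def hostname_variants(fqdn):
    """Forms of the host name that turn up as guessed usernames."""
    labels = fqdn.lower().split(".")
    variants = {fqdn.lower(), labels[0]}
    if len(labels) >= 2:
        variants.add(labels[-2])              # e.g. "example"
        variants.add(".".join(labels[-2:]))   # e.g. "example.org"
    return variants

def ips_to_block(log_lines, decoys, fqdn, real_users=(), allow_nets=()):
    """Return the sorted source IPs with at least one failure on a watched name.

    real_users are never watched (a typo by a real person must not lock them
    out), and addresses inside allow_nets are never returned.
    """
    watch = {d.lower() for d in decoys} | hostname_variants(fqdn)
    watch -= {u.lower() for u in real_users}
    nets = [ipaddress.ip_network(n) for n in allow_nets]
    blocked = set()
    for line in log_lines:
        m = FAILED.search(line.strip())
        if not m or m.group("user").lower() not in watch:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue                          # not an address: ignore the line
        if any(ip in net for net in nets):
            continue                          # admin network: never block
        blocked.add(str(ip))
    return sorted(blocked)

# Constructed sample data (documentation address ranges, made-up names).
DECOYS = {"oracle", "test", "guest", "ftpuser"}
SAMPLE_LOG = [
    "Sep 18 03:11:02 web1 sshd[2211]: Failed password for invalid user oracle from 203.0.113.5 port 40022 ssh2",
    "Sep 18 03:11:09 web1 sshd[2214]: Failed password for invalid user example from 198.51.100.23 port 51514 ssh2",
    "Sep 18 03:12:40 web1 sshd[2230]: Failed password for alice from 192.0.2.10 port 50000 ssh2",
    "Sep 18 03:13:05 web1 sshd[2241]: Failed password for invalid user oracle from 10.0.0.8 port 50100 ssh2",
    "Sep 18 03:14:00 web1 sshd[2250]: Accepted password for alice from 192.0.2.10 port 50002 ssh2",
]

if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE_LOG, DECOYS, "web1.example.org",
                           real_users=["alice"], allow_nets=["10.0.0.0/8"]):
        print("block", ip)
```
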
by williambertram September 17, 2009 5:17 PM PDT
I agree with the above posters. All of the Antivirus 2009, 2010, etc. programs are CLEARLY malware. I don't think there is a serious argument that this is legitimate software.
by 01Phyxius September 17, 2009 5:32 PM PDT
Says you, a (semi-)computer-literate person. What about all the old grannies who see that and go "O MY GOD I HAVE A VIRUS PLEASE SAVE ME!" and install it?
I never thought I would say this, but:
Way to go MS!
by dallas7 September 17, 2009 6:41 PM PDT
@01Phyxius
True. It's just an old granny thing.
Highly skilled yoots would never install it.
by STARWOBBLE September 17, 2009 7:53 PM PDT
Ditto. I run linux on my computers. I love getting pop-ups informing me that my C:\ drive is infected. I don't have .dll files, suckers!
by September 17, 2009 6:11 PM PDT
i own a mac . . . whats all the fuss about??
by contentcreator--2008 September 17, 2009 6:32 PM PDT
These ad-delivered crapplets can bite you too, they can run in Javascript and do unpleasant things regardless of the host, including subjecting you to phishing attacks and using your machine as a distributed click-farmer or password cracker.
by dallas7 September 17, 2009 6:39 PM PDT
Burger King clearly makes a better hamburger.
by Maclover1 September 17, 2009 7:06 PM PDT
@contentcreator the key word in your comment is.....

"CAN"

There is a huge difference between can and has. Vista was supposed to cut back on this crap. I have personally used Malwarebytes to remove Anti-Virus (insert year here) from at least a dozen Vista machines of friends and family.

I am not saying Macs are immune, but in all my years of using Macs, I have never had malware of any kind and I have never used anti-malware software.

The geek squad is making money hand over fist off this kind of stuff. I feel sorry for the joe-windows user, especially those with kids that live on social media sites.
by captain_numerica September 17, 2009 7:16 PM PDT
I own a lawnmower.

I haven't read the article, can someone explain to me what the fuss is about?
by mistasandman September 17, 2009 7:30 PM PDT
Why is it that the 'Apple Weirdos' always have to show up and make everything an ApplevsMicrosoft thing?
by September 17, 2009 7:40 PM PDT
Maybe you're here because you mistakenly infected it with crab grass.
by cary1 September 18, 2009 4:16 AM PDT
Don't worry about it. When you come back to real world and have a real job let's say in a corporate office then you will know.

Now go back to making the website for your cat on the new iCrap
by jay217 September 18, 2009 5:13 AM PDT
"i own a mac . . . whats all the fuss about??"

Ivory towers are not invincible.
by Random_Walk September 18, 2009 8:40 AM PDT
"When you come back to real world and have a real job let's say in a corporate office then you will know."

You're right - my RHEL/Oracle farm doesn't run on OSX, nor do the VMWare ESX-based farms I keep humming. Whoda thunk it?

(interestingly enough, our biggest local reseller/VAR has standardized on Macs).
by Jive_talkin September 18, 2009 11:16 AM PDT
That means you are special. Short-bus special 8 )-
by September 17, 2009 7:35 PM PDT
Look, macs are easier to use and offer a less intrusive user experience. It probably has something to do with the whole product being created by ONE company. There's just too many chefs (including the ones who bring arsenic to dinner) in the PC kitchen.
by lazycat202 September 18, 2009 8:35 AM PDT
there will be many good dishes and many choices. :P
by lazycat202 September 18, 2009 8:39 AM PDT
there will be many good dishes and many choices. :P
oh! 1 more thing! my company's cafeteria got 1 chef and we've to eat whatever he gives us. Same foods every week! eat it or leave it!
on another hand, my 2nd job, it has 2 chefs and they feed us good. More dishes and more choices.
by September 17, 2009 7:39 PM PDT
Maybe you're here because you mistakenly infected it with crab grass.
by carltonleesg September 17, 2009 11:51 PM PDT
Yeah! In the future the average JOE will now think that any virus or anti virus advertising is a scam. Is this a way of finding and punishing offenders or Microsoft partners that sell anti-virus software.

At the local major computer store Microsoft has a big wall between them and the anti-virus sellers/offenders. Maybe they should put some effort into working with the anti-virus vendors.

The failure including bad sites is all Microsofts.....

Solutions:
1. Microsoft set up a site to sell the various anti-virus solutions. Actively work with the anti-virus vendors.
2. Microsoft could include/sell its own anti-virus.
3. Fix the problem.
by rapier1 September 18, 2009 8:19 AM PDT
Solutions 1 and 2 have been part of MS for years now. As for solution 3... that's a bit more complicated. Buying a Mac or just using Linux doesn't really solve the problem or even mitigate it all that much. You really need to start with a top down rewrite of the underlying protocols that define the internet.
by Random_Walk September 18, 2009 8:43 AM PDT
"...or even mitigate it all that much."

I was agreeing with you up until that last bit up there. Seriously - anything OS-wise is inherently safer than Windows. Now Windows 7 may change that, but I'm not holding my breath any...
by rapier1 September 18, 2009 3:07 PM PDT
I was thinking about the mitigation in terms of if Linux or OS X were the dominant architectures. If you had OS X or Linux with 85% market share you'd have the same problems. The attack surfaces are pretty broad and the motivation is strong.
by DOTA AllMoons September 18, 2009 1:49 AM PDT
@carltonleesg

1. Microsoft already has Windows Marketplace (or Microsoft Store) selling AVs
2. Microsoft will be releasing MSE soon enough. not to mention its Defender and firewall

i really fail to see why bad sites are MS fault...

i've never been infected in Vista. No AV. just defender and firewall at default settings..
by Random_Walk September 18, 2009 8:43 AM PDT
Psst! "Defender" is an antivirus solution.
by llungster September 18, 2009 6:31 AM PDT
You don't have to be a Windows user to know that when an ad pops up with misleading info and installs a virus or other malware, it's simply wrong. This is not a question of what OS you use. We just need to hit these people where it hurts most and MS has the resources to do it. It's about time they did this.
by Dust_Puppy September 18, 2009 6:33 AM PDT
REQUEST TO CHANGE ARTICLE TITLE!!!!!!

Seriously . . . this is interesting but "malicious ad" and "sues" implies they're being childish. This is a valid lawsuit/article . . . give it a valid title please.

---- To the pundits, stop trolling Microsoft.

A/V software uses the same principles of censorship, which is why it's largely ineffective. Monitoring 'everything' takes a LARGE amount of resources. Closing loopholes without closing interoperability is also a huge (but necessary) resource hog (financially that is) so don't over-simplify it.

Unix is great, but I *STILL* can't install upgraded hardware drivers after 3 years of passing use (I just update to a newer version of the kernel hehe) . . . usability and security is a balancing act.
by Random_Walk September 18, 2009 8:44 AM PDT
s'okay about the driver thing... I'm still waiting for firewire driver support for Windows 7 on this crappy new Dell I'm stuck with.
by lazycat202 September 18, 2009 6:36 AM PDT
i'm using linux and where are the viruses and spywares?
I'm using OS X and I got no virus and spyware things
I'm using Win7 and haven't got one.

WAKE UP people!! Nothing is immune to viruses! Apple weirdos always think they're top people in this world. Linux users think that they're the best. Windows users are blaming Microsoft. Gezzz!! Get a life!! It's your job to take care of your PCs.

anyways, MS should sue malicious online ads companies , shut them down, get some $$ to build better Malware protection software and distribute for FREE.
by does.tv September 18, 2009 6:53 AM PDT
I guess I'm a bit slow here. How do you sue an unknown entity? While this may be a good thing, I don't understand the law enough to know how it can be done.

I'm just thinking about suing the unknown party that dropped some nails on the road that gave me a flat tire. If I can ever figure out who it is, they're dead meat...
by WDS2 September 18, 2009 7:08 AM PDT
This explains it partly:

http://legal-dictionary.thefreedictionary.com/John+Doe+lawsuit

What happens is they start a John Doe lawsuit and then they can force the companies who host the ads to turn over their records of who placed them and paid for them.
by Renegade Knight September 18, 2009 7:15 AM PDT
Well heck, MicroSoft does a good thing.
by winstein September 18, 2009 9:09 AM PDT
I don't think lawsuits are the answers. For all we know, criminals could have used stolen ID with stolen credit card to purchase ads placements.
by tacit September 18, 2009 1:51 PM PDT
The criminals do this in order to make money; at some point, there is a money trail back to them. It might be convoluted, and pass through several credit card merchant accounts and transaction processors, but it's there. The lawsuit helps Microsoft to get access to the records that lead back to the criminals.

However, I doubt it will do much good. My money says they're in Eastern Europe somewhere, safely away from the reach of US law.
by BtmnHatesRbn September 18, 2009 11:15 AM PDT
Suing who now? A group of hackers/crackers in Trinidad and Tobago? Yeah, right.
by Dalkorian September 18, 2009 12:20 PM PDT
This is brilliant if you think about it. Either SPEND MONEY trying to fix the disaster that your OS actually is, or try to MAKE MONEY by suing people for exploiting it!
by Lennron September 21, 2009 8:15 AM PDT
Yeah, that makes sense. These ads trick people into downloading the software meaning it doesn't matter how secure your OS is. And you have to SPEND MONEY to file a lawsuit. You really think they're going to make millions off of people who live in their parents' basement with nothing better to do than write viruses? You could at least TRY to be a little more realistic.
by DMBoricua September 18, 2009 12:44 PM PDT
Wow, Microsoft must be really pissed at malicious ads to be filing lawsuits. I'm glad Microsoft is doing something about it anyway, I guess this type of malware is affecting a lot of people, I guess, the average joe in computers since I know what to click and what not.

BTW I do believe Macs are 100% immune to malware. Because guess what, there is currently absolutely NO viruses whatsoever for the Mac out there! And now as Apple improved their OS in Snow Leopard to be almost all 64-bit they have taken a huge step to filling security holes, because of the 64-bit coding. This means double the security, and nothing will be able to go through Mac OS X Snow Leopard's tough shields. Nothing will, and will ever in the future.
by DMBoricua September 18, 2009 1:12 PM PDT
I'm sorry, I've come across an article saying that Mac is not 100% immune, as said by Apple themselves, and that you would need to use antivirus software for the "added protection". Whatever, when I do get my Macbook I'll get iAntivirus, the best free antivirus software there is for the Mac out there, and seen as THE best antivirus compared to other name brands like McAfee and Norton. So I'll be good with that program.

Article: http://www.darknet.org.uk/2009/08/mac-os-x-snow-leopard-bundled-with-malware-detector/

iAntivirus download page: http://www.apple.com/downloads/macosx/networking_security/iantivirus.html
by douggdangger September 18, 2009 12:57 PM PDT
What's a Mac?

Nobody seems to give a phuck about things that barely make up 8% of the market.

That's all.