Microsoft Puts Malvertising In its Legal Crosshairs

Microsoft this week filed five civil lawsuits in Seattle's King County Superior Court alleging that unknown individuals using various business names used Microsoft's online ad platform, Microsoft AdManager, to distribute malicious software.

Malicious online advertising, also known as malvertising, is a security risk for Web surfers because it can infect user computers with dangerous Trojan software and also redirect users to other harmful content.

According to Microsoft Associate General Counsel Tim Cranton, Microsoft's five lawsuits target suspected malvertisers who used the business names "Soft Solutions," "Direct Ad," "qiwerowq.com," "ITmeter INC" and "ote2008.info."

"Although we don't yet know the names of the specific individuals behind these acts, we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits," wrote Cranton in a Thursday post to Microsoft's "Microsoft On the Issues" blog. In another development apparently related to Microsoft's anti-malvertising efforts, a 200,000 computer botnet was discovered by Click Forensics, a company that tracks and reports instances of click fraud.

According to Click Forensics Vice President of Sales and Marketing Steve O'Brien, the botnet known as the Bahama botnet is believed to be linked to both Microsoft's malvertising targets and the malvertising attack on The New York Times Web site from earlier this week.

"Interestingly, the Bahama botnet appears to be closely related to the recent spate of 'scareware' attacks, such as the one perpetrated against The New York Times digital site just a few days ago," wrote O'Brien in a Click Forensics blog post Thursday. "What makes the botnet so insidious is that it operates intermittently so that the user doesn't really know that anything is wrong. Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries. And because the queries come from many different machines (IPs) across a broad segment of the Internet population, it is very difficult to find and identify these clicks as fraudulent."

In the Microsoft blog post, Cranton urged users to make sure they have updated antivirus, antimalware, antispyware and firewall tools, be cautious about using programs they don't recognize to scan their computer and be vigilant about giving out personal information to only secure sites. Cranton also noted Microsoft's recent actions against click fraud and instant messaging spam.

"This work is vitally important because online advertising helps keep the Internet up and running. It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN," he said. "Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and for all consumers and businesses that rely on these free services."