Microsoft Files Five Lawsuits To Halt Malicious Advertising

Microsoft on Tuesday filed five civil lawsuits in Seattle's King County Superior Court to combat malicious online advertising, or malvertising.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company's online advertising platform.

"These ads then lead to harmful or deceptive content," said Microsoft associate general counsel Tim Cranton, in a blog post. "For example, ads may redirect users to a Web site that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer."

Cranton says that malicious ads can also infect vulnerable computers with Trojan software, which can steal data, hinder operation, or turn computers into zombies, or bots.

Click Forensics, a company that tracks click fraud, on Thursday said that it had discovered a 200,000 computer botnet -- a group of compromised computers harnessed to work in unison -- linked to the Microsoft lawsuits. In a blog post, Steve O'Brien, VP of sales and marketing at Click Forensics called it "one of the most advanced sources of click fraud we've seen."

The botnet, known as the "Bahama botnet" because it at one time directed online traffic through computers in the Bahamas, is believed to be linked to the malicious advertising that appeared on the New York Times Web site several days ago, according to O'Brien.

Although O'Brien suggests that the cyber crime group believed to be responsible is located in Ukraine, Richard Boscovich, senior attorney at Microsoft for Internet safety enforcement, said in a phone interview that it's not clear where the people responsible are located.

In early 2008, Niels Provos, a security engineer at Google, said in a blog post that about 2% of malicious Web sites were distributing malware through advertising, based on an analysis of about 2,000 known advertising networks.

In June, Google launched Anti-Malvertising.com to help its ad network partners identify potential providers of malicious advertisements.

Microsoft last October cited Adobe Flash files as a growing medium for malware distribution.

The trend was also noted by Finjan, a security company. "We have started to see 'in the wild' cases where Flash-based ads are being used by cybercriminals," Finjan's Q4 2008 Web Security Trends Report states. "Due to the simplicity of these techniques, we believe it will evolve into a major trend in 2009."

Boscovich said that malvertising "is definitely an emerging threat. We're seeing more of it."

Malveristing presents a problem to companies that depend on online advertising because its existence justifies the use of ad blocking software. Approximately 1% of Internet users worldwide -- 5% of Firefox users -- use ad blocking software. If that number grows in response to an increase in malvertising, online ad revenue is likely to suffer.

As Microsoft's Cranton put it, "This work is vitally important because online advertising helps keep the Internet up and running. It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN. Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and for all consumers and businesses that rely on these free services."

Boscovich advises users to keep their antivirus software up-to-date and to install operating system updates. "And don't provide any personal information to Web sites that you're not sure of," he said.

InformationWeek Analytics has published an independent analysis on data-loss prevention. Download the report here (registration required).