News

Microsoft Takes on Malvertising

Microsoft last week filed a civil lawsuit against five companies for allegedly spreading malicious online advertising.

The case centers on the practice of "malvertising," where an online ad directs a user to a Web site with malicious code after being clicked. The defendants named in Microsoft's lawsuit, filed in Seattle's King County Superior Court, include Soft Solutions, Direct Ad, qiweroqw.com, ITmeter INC and ote2008.info.

Malvertising typically leads to "scareware," a pop-up notice on a Windows machine telling the user about a security threat. The notice directs the user to download an "antivirus program" that may turn out to be malware.

Microsoft is asking the court to shut down these companies because they allegedly used Microsoft's AdManager service, which filters and conveys ads on Web sites. Redmond contends that the defendants used AdManager as a platform to launch attacks.

The lawsuit is "vitally important because online advertising helps keep the Internet up and running," according to Microsoft's Associate General Counsel Tim Cranton, in a blog post. "It's the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN."

Cranton added that "fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry" and to those who use such free or low-cost services on the Internet.

Tyler Reguly, a security research engineer at nCircle, wonders if the whole tech ecosystem has gone overboard with monetizing the Internet. Advertisements of all kinds get pushed to make money, so that in the current environment, users can scarcely see a page load without stumbling upon ads. And some of those ads are questionable, even on legitimate sites.

"Malvertising is definitely a growing trend and a dangerous one, but at the same time, I don't know that a civil suit will really accomplish much beyond bringing attention to the issue, but that may be Microsoft's goal," Reguly said.

Microsoft has also tried to protect its ad platform from "click fraud," where ads get clicked repeatedly by a person or program to increase costs for advertisers. The company filed a civil lawsuit over the matter in June. 

While court battles rage on, software security companies remain on the front lines.

"Microsoft has made this a legal issue by bringing action in the courts, but the issue still remains at the core a technical matter," said James Michels, vice president of marketing at security service firm ANXeBusiness. "As cyber crime becomes more sophisticated, the burden falls on security companies to develop and distribute better protection through products and services. And ultimately end-users -- or their IT departments or partners -- are responsible to stay abreast of threats and maintain proper protections."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • SharePoint Embedded Becomes Generally Available

    After a six-month preview, SharePoint Embedded, an API-based version of SharePoint that developers and ISVs can use to embed Microsoft 365 capabilities into their apps, is now generally available.

  • Copilot in Microsoft 365 Getting Agents, Extensions and Team (Not Teams) Support

    Microsoft is adding more functionality to its Copilot AI assistant aimed at improving business collaboration, processes and workflows for Microsoft 365 users.

  • Microsoft Giving Startups Templates To Build AI Apps

    A new perk for businesses enrolled in the Microsoft for Startups Founders Hub program aims to fast-track their ability to build AI-powered applications.