Microsoft has filed what are believed to be the first lawsuits designed to stop the growing practice of malvertising The company has filed five suits against unnamed individuals who it has accused of posting malicious and deceptive code through ads on its MSN advertising network. The suits allege that individuals using the …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Friday 18th September 2009 19:44 GMT Chris C

So remove the code

"Microsoft doesn't know the names of the specific individuals involved, by filing the civil suits in a US court it hoped to uncover the individuals responsible and prevent them from continuing to deploy malvertising."

Lawsuits will do literally nothing to stop this, just as they've done nothing to stop spam. As the publisher of these ads, Microsoft, and Microsoft alone, has the power to eliminate or massively reduce this threat (yes, I'm ignoring end-user methods such as NoScript because few "mainstream" users will use such methods).

1. Make it clear, in no uncertain terms, that the banner is an ADVERTISEMENT.

2. Remove all executable code from the ad (Javascript, Flash, etc).

3. Remove all HTML elements (links, images, etc) which point to (or use as their source) executable content (.js, .exe, etc).

Those three steps would go a long way toward getting rid of "malvertisements". Unfortunately, it's extremely unlikely that an ad platform (MSN, Google, etc) would implement these measures because the ad revenue far outweighs the risk to the end user (and virtually no risk to the ad platform).

0 0
Friday 18th September 2009 19:44 GMT JRallo

So, microsoft profits more...?

Let me get this straight, these people paid MS to host ads for them (I assume like some kind of pay per click) now MS wants to sue them for being naughty, racking up more money...

So, MS gets money for these bad guys to advertise, and now they sue them....

Seems like a good all 'round way to make a profit!!!

Steps:

A) make an OS that comes with the default privs set to full/admin (XP) for users.

B) Sell spots to malware authors with out actually doing a full check of their wares

C) sue them once you find out they are naughty, thus finishing off the 3 level of profit making.

0 0
Friday 18th September 2009 19:44 GMT Qux

Just another revenue stream

I'm surprised that MS hasn't actively targeted this revenue stream earlier. After all, when a company with so many lawyers pointedly fails to lock the (security) doors, you've got to figure that they've already got a plan for making money from the scumbags that walk in past the "No Trespassing" signs.

0 0
Friday 18th September 2009 19:46 GMT Martin Edwards

What's code doing in an advert?

Advertising should be limited to static images and plain text. I make no apology for stating the bleeding obvious because it's obviously not obvious enough to MSN (obviously).

0 0
Friday 18th September 2009 19:46 GMT Anonymous Coward

In that case....

....a they suing themselves too!

I'm just leaving...

0 0
Friday 18th September 2009 19:46 GMT Anonymous Coward

Cudos to Microsoft...

I'm glad to see them taking action against those who mislead others about the functionality of a piece of software.

Hey, wait a minute.....why are you laughing?

0 0
Monday 21st September 2009 12:32 GMT theSensibleGeek

@JRallo

"Steps:

A) make an OS that comes with the default privs set to full/admin (XP) for users.

B) Sell spots to malware authors with out actually doing a full check of their wares

C) sue them once you find out they are naughty, thus finishing off the 3 level of profit making."

Precisely. When MS came out with OneCare antivirus, I found myself scratching my head, thinking "If they can detect threats, why isn't it built into the OS to make it secure".

Then it turned out OneCare sucked donkey balls.

Shocker.

0 0
Monday 21st September 2009 12:32 GMT The Original Steve

@JRallo

Straight?! You couldn't be more rounded if you try...

"these people paid MS to host ads for them (I assume like some kind of pay per click) now MS wants to sue them for being naughty, racking up more money..."

These people paid MS money to show adverts. However the people making the adverts were breaking the contract by trying to get end users to install software that was malicious. As such Microsoft is suing for breaking their rules.

A) make an OS that comes with the default privs set to full/admin (XP) for users.

See "Vista" or "Windows 7" - although I imagine your one of the IT "pro's" who tells people to disable UAC as it "breaks" everything.

B) Sell spots to malware authors with out actually doing a full check of their wares

The advert could be fine and harmless. The click through goes to www.goodsite.com. MS check it out. However 3 months later www.goodsite.com has been updated by the author to chuck malware.

Tell me... how is this going to be policed exactly?!

C) sue them once you find out they are naughty, thus finishing off the 3 level of profit making

Indeed, sue them. Any better ideas?!

Epic Fail - Twat.

0 0
Monday 21st September 2009 12:32 GMT deegee

I must be odd...

It seems most other comments are anti-MS on this.

Personally, I'm for it.

I wish more large web sites who place ads on them would go after those people who are putting mal-ads on. It should be globally illegal with a minimum 5 year prison sentence for anyone caught putting mal-ads online.

0 0
Monday 21st September 2009 12:32 GMT Big-nosed Pengie

The irony!

It burns!

0 0
Monday 21st September 2009 12:32 GMT James Loughner

Dancing Bears

"Advertising should be limited to static images and plain text. I make no apology for stating the bleeding obvious because it's obviously not obvious enough to MSN (obviously)."

Please, everyone knows you must have Dancing Bears to sell the snake oil.

Ok I see the door

0 0