Forgot your password?
typodupeerror
Microsoft Security The Courts Your Rights Online

Microsoft Files Suits Against "Malvertisers" 205

Posted by kdawson
from the prefix-of-the-hour dept.
eldavojohn writes "Reuters is bringing us news of five civil lawsuits filed by Microsoft against 'Soft Solutions,' 'Direct Ad,' 'qiweroqw.com,' 'ITmeter Inc,' and 'ote2008.info' that allege they 'used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.' Microsoft's Tim Cranton outlined the suits and provided links to all the filings for download. 'Cranton added that names of specific individuals behind these activities were not known and the lawsuits were being filed to help uncover the people responsible.'"
This discussion has been archived. No new comments can be posted.

Microsoft Files Suits Against "Malvertisers"

Comments Filter:
  • by NecroPuppy (222648) on Friday September 18, 2009 @12:51PM (#29468933) Homepage

    Shatnerian... levels... of... confusion...

    Who... to... root... for... or... against...

    Microsoft... or... the... malware... people...

    • Re: (Score:2, Funny)

      by Abreu (173023)

      The enemy of my enemy?

      Nah!

      I wish them joy of each other!

      • by CorporateSuit (1319461) on Friday September 18, 2009 @01:22PM (#29469407)

        wish them joy of each other!

        Anger is an aphrodesiac. The Malware companies have been seducing Microsoft for all this time, and now Microsoft has finally broken the ice. It's tsundere approach only quickens the heartbeat of the malware companies. Once Microsoft has them in court, the judge is throwing the book at them, the Malware companies will look up to Microsoft and say "You have me where you want me, now what do you want to do with me?"

        At which point, Microsoft will smile, the fade of anger will reveal the flush of lust behind it. From the conjoining of these two, sweaty bodies of software production will emerge the glow of new life -- Microsoft Windows Lovechild.

        The spawn of Microsoft and Malware will install itself upon any computer it comes in contact with. Lovechild (or MWL for short) will ask the user "You really want this installed on your system don't you?" If you type "N" it changes the background color to an alluring pink and says "Sometimes, when a user is scared, when they say 'no' they mean 'yes'" and then it proceeds to install itself upon your system.

    • by T Murphy (1054674)
      Well said.
    • Re: (Score:2, Interesting)

      by someone1234 (830754)

      It's a no brainer for two reasons.

      1. There are two evils fighting.
      One of them has some legal business, the other is purely illegal and harmful.
      Choose the lesser evil.

      2. The malware people don't work to eradicate M$. So, if they 'win', it means both evils stay around.
      M$ doesn't have much chance, but if they 'win', it means, one (or more) evil stops bothering us.
      Choose the meaningful choice.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Must be hard casting everything as absolute good or evil.

      Enjoy your cognitive dissonance. You may, in time, grow to have an intellectually mature point of view.

    • Re: (Score:2, Flamebait)

      by FudRucker (866063)
      What I see microsoft really doing is...

      since microsoft can not (or will not) build secure operating systems and the operating systems they do produce has a long standing reputation of vulnerabilities they are going to sue the people that take advantage of the stupider customers of their products, so in the long run microsoft is just protecting the stupider customers proving microsoft likes stupid customers that do not tend to learn from their mistakes (whom are most likely the biggest part of their custo
      • Your sig line is ironic in relation to your post.

        The users aren't stupid if they are confused by what looks like a legitimate warning telling them to update their virus-scanner.

        • by sqrt(2)
          "The most secure OS in the world, not even Linux nor OSX, isn't going to be able to protect you when you decide to authorize and run an .exe file you downloaded."

          Question. Since I've never had one single flying lesson in my life, would you say I was stupid if I got into a Learjet, only to crash and burn? Or, if someone who had never been in a tractor trailer decided to jump in and drive one - would he be stupid when he drove it off the side of a mountain?

          I say, operating something that you are

          • Question. Since I've never had one single flying lesson in my life, would you say I was stupid if I got into a Learjet, only to crash and burn? Or, if someone who had never been in a tractor trailer decided to jump in and drive one - would he be stupid when he drove it off the side of a mountain?
            Yeah but then I'd expect it to be obvious to most people that planes and road vehicles are dangerous and that most people will have been told that it is illegal to drive them without proper licensing.

            Only the braind

      • by sopssa (1498795) * <sopssa@email.com> on Friday September 18, 2009 @01:37PM (#29469609) Journal

        You can blame "insecurity" of Windows all you want, but do you actually have an answer to how to make it better then? Before all the usual arguments come:

        - These malware work just aswell on user account, you do not need admin/root access.
        - Locking up the whole OS so that user is in 100% controlled environment is a no go, as seeing here on slashdot about iphone and other systems that do it.
        - Malware goes where the user is. If linux had ~95% marketshare on desktops, majority of malware would be there because thats where the users are.
        - Theres nothing on Linux that does anything to prevent this kind of malware - you only get more security because there's not many users. If you suggest everyone moving to it, what happens?
        - Conficker excluded, theres not really exploits in the Windows itself now a days. They're mostly from third party software like Flash and PDF reader.

        This isn't about OS security, its about user stupidity to install random crap. That wouldn't change even if the OS marketshare would be different.

        • by Kamokazi (1080091) on Friday September 18, 2009 @02:31PM (#29470331)

          Actually the Conficker hole was patched nearly a year ago. Microsoft has gotten their shit together with security so much recently that you can legitimately argue that it may be comparable to your average Linux distro...I'm not saying that is the case, I REALLY do not want to go down that path, my overall point is that 5 years ago, anyone who made the statement I just did would have been ridiculed as a moron, and rightly so.

          But you hit very good points...no matter how secure an OS is, it has to listen to its dumbfuck user. The only way to protect against stupid users is to limit rights to oblivion, but then you limit the usefulness of the system. In most cases, the OS cannot determine what is desired behavior of a program or not.

        • - These malware work just aswell on user account, you do not need admin/root access.

          I believe that is mostly, if not entirely correct. Obviously, there is a design flaw in security; a user account should never be capable of screwing up system files and system settings. Period.

          - Malware goes where the user is. If linux had ~95% marketshare on desktops, majority of malware would be there because thats where the users are.
          - Theres nothing on Linux that does anything to prevent this kind of malware - you only

        • by dgatwood (11270)

          It's actually pretty simple to get most of the way there:

          • The entire OS is write protected.
          • No code allowed in the kernel unless signed by a key from a company whose key is signed by the OS vendor, with a command-line software switch to disable the check for geeks who want to tinker, confident in the knowledge that people are more terrified of the command line than they are of anything else, including malware.
          • All applications and plug-ins must be self-contained bundles of files. No outside helpers may be in
          • Wow. I'm impressed. The list looks pretty darned comprehensive. What's more, some of those ideas Linux to improve security. The plugins thing, and the "authorized" repository for instance. My browsers are actually rather sloppy about that, now that you point it out.

            You should get onto one of the major Linux development teams, and sell them on the idea. You know how Linux is - get great ideas incorporated in one distro, and the rest tend to pick them up. ;^)

          • My guess is that Microsoft will have to worry about whiney users complaining about "The new DRM Microsoft wants us to use." And it will break things.

        • by gad_zuki! (70830)

          >Locking up the whole OS so that user is in 100% controlled environment is a no go, as seeing here on slashdot about iphone and other systems that do it.

          Or a balance like running as limited user and upping your privs via the UAC, but people here complain about that too. Look, the slashdot mob isnt rational, its just people airing their frustrations in a two minute hate that never ends. Luckily, in the real world the slashdot mob doesnt exist. People deal with the UAC, run AV, and get on with their lives.

        • by Sloppy (14984)

          You can blame "insecurity" of Windows all you want, but do you actually have an answer to how to make it better then?

          Sure!

          First, the easy one: switch to a Unix-like OS. Currently, I suggest Linux. If everyone switched to Linux, then everyone would be typing "chmod u+x malware.sh" prior to installing their malware. Keyboards would wear out and then people would lose the ability to install malware. Problem solved. But seriously: executable files is something that Windows gets just plain wrong, and we all

      • by sqrt(2) (786011) on Friday September 18, 2009 @01:38PM (#29469615) Journal

        The most secure OS in the world, not even Linux nor OSX, isn't going to be able to protect you when you decide to authorize and run an .exe file you downloaded.

        • Re: (Score:3, Informative)

          by QuoteMstr (55051)

          Really [lwn.net]?

        • Re: (Score:3, Informative)

          I don't believe you can run an .exe file on Linux or MacOSX. You can only do that in Windows.

          MacOSX tells me whenever I ask it to run a file downloaded from the net for the first time. The OS needs to get in the user's face a little, because downloaded executables carry risks that executables installed from local media do not.

          • Well - I don't have the most_secure_configuration in the world. I can download and click a .exe on my Linux desktops, and since they are associated with Wine, they run. Of course, the random .exe will fail to install itself, because the malware writer wasn't targeting Linux or Wine.

            If I'm ever bitten by this little bit of carelessness, I will do things differently.

            BUT, we are right back to the idea that a user with a clue won't download and run that random .exe.

          • Re: (Score:3, Informative)

            MacOSX tells me whenever I ask it to run a file downloaded from the net for the first time.

            So does Vista [case.edu] - in fact, if you have antivirus installed (and it properly integrates with OS by using the corresponding APIs), it will even make it scan the file before starting it for the first time.

            • by ajlisows (768780)

              MacOSX tells me whenever I ask it to run a file downloaded from the net for the first time.

              So does Vista [case.edu] - in fact, if you have antivirus installed (and it properly integrates with OS by using the corresponding APIs), it will even make it scan the file before starting it for the first time.

              Of course, One of the big complaints with Vista was that the OS got in your face every time you tried to do something that could cause problems, simply because Windows Users became acclimated to being logged in as Administrator and being able to do whatever the heck they wanted without question. Granted, Windows Vista was a little extreme with the amount of times that they asked if you wanted to allow something to run. I don't know for sure, but I do not think that you could adjust the alert levels in Vis

              • by sqrt(2) (786011)

                It's no more extreme than Ubuntu, and easier to handle because you don't have to type a password (this isn't necessarily more secure, however). Actually, I run into more privilege escalation screens when I am first setting up Ubuntu than I do after I install Vista or Windows 7. I've done each probably hundreds of times now with various configurations.

        • by Animats (122034)

          The most secure OS in the world, not even Linux nor OSX, isn't going to be able to protect you when you decide to authorize and run an .exe file you downloaded.

          Actually, no. It's quite possible to have a system where the downloaded .exe file is in an untrusted security compartment of a mandatory security system, such as SELinux provides. You can then run it, but it can only work on other untrusted data. That's good enough for a game.

          For historical reasons, UNIX, Linux, and Windows tend to give appli

      • by Khyber (864651) <techkitsune@gmail.com> on Friday September 18, 2009 @02:03PM (#29469973) Homepage Journal

        You know, I think you need more perspective on this.

        It's not the insecurity of Windows, it's the Insecurity of all these third party plugins (JAVASCRIPT, FLASH, I'M LOOKING AT YOU) that cause these problems to start with, plus DRM rootkits on music discs and movies that open up more holes in our system.

        New technology, new vulnerabilities and exploits. Flash and JavaScript are the two most commonly used points of infection.

        Really, the fault isn't entirely on Microsoft. Start blaming Adobe, Sun Systems, and the Music/Movie industry, as the biggest part of this lies squarely upon their shoulders.

      • Re: (Score:3, Funny)

        by ClosedSource (238333)

        "since microsoft can not (or will not) build secure operating systems"

        MS could build a more secure OS than Windows but nobody would buy it because they want to run Windows apps.

      • What I see microsoft really doing is...

        since microsoft can not (or will not) build secure operating systems and the operating systems ... so it all boils down to the greedy protecting the stupid so the greedy can keep selling them poorly designed products...

        Personally I could see Microsoft just doing this so nobody notices that they're drowing baby kittens for fun. I mean it's easy to picture, right?

      • by Locutus (9039)
        the problem here is that Microsoft's best customers, those clueless fools who fall for these malvertisements are the same people who will get sick of paying over $200 a shot to have someone fix their computer and after 2 or 3 times will jump ship to the Mac. I've already seen this so I can see why this has Microsoft concerned.

        These computer illiterates are the same people who just keeping using what is preloaded and what's on retail store shelves because they are already afraid of the computer and their onl
    • by mcgrew (92797) *

      I'm often modded down for trashing Microsoft, most of whose whose products and business practices I don't like, but in this case I'm cheering them on.

      'scuse me, the phone's ringing...

      It was Satan, she invited me to go skiing with her in her back yard. IN HELL.

      • Re: (Score:2, Insightful)

        by furby076 (1461805)
        You get modded down for trash talking MS? On which web forums? Certainly not slashdot. Getting Karma Excellente' is assured by trash talking MS.
        • by whoever57 (658626)

          You get modded down for trash talking MS? On which web forums? Certainly not slashdot.

          Yes, you may get modded down on /. for trash talking MS. It's happened to me multiple times. It depends on the topic -- in some topics, one can trash talk MS with impunity, in others the MS supporters will use their mod points against you.

        • by mcgrew (92797) *

          Getting excellent karma is assured by being insightful and informative, as well as getting stories posted to the front page. If you have excellent karma you don't have to worry about the occasional downmod.

          Hell, I've been modded down for dissing Sony, of all people.

    • by rickb928 (945187) on Friday September 18, 2009 @01:37PM (#29469599) Homepage Journal

      If you can't choose a side in this, you're being disingenuous. Just stop it, and for once make sense.

      Your only real complaint should be that the Department of Justice, multiple state Attorneys General, or motiviated citizens haven't already pursued these civil actions. And the DoJ etc. should be considering crminal actions, but are no doubt distracted by any number of safer, simpler, and easier to prosecute villains.

      There is simply no excuse for going after the worst of these weasels, and expanding the fight overseas when they flee to supposed safe havens. I wish Microsoft good hunting on this one. Let's get after them to patch XP's TCP stack also, but at least DO SOMETHING, someone, please?

      Me? I'm no good at suits.

      • by causality (777677)

        There is simply no excuse for going after the worst of these weasels, and expanding the fight overseas when they flee to supposed safe havens. I wish Microsoft good hunting on this one.

        Rather than support an international cat-and-mouse style manhunt for multiple unknown individuals and all of the tax dollars that would require ... I'd rather just use a more secure OS and let the people who run Windows deal with Windows problems. Simple.

        Let's get after them to patch XP's TCP stack also, but at least DO SOM

        • by rickb928 (945187)

          "Rather than support an international cat-and-mouse style manhunt for multiple unknown individuals and all of the tax dollars that would require ... I'd rather just use a more secure OS and let the people who run Windows deal with Windows problems. Simple."

          Obviously simple. In fact, so obvious that you could be asking yourself "Well, why haven't we gotten a secure OS yet?" Well, why not? Ask some security professionals. It's nit just the OS, it's also the application. Case in point - Email users that c

    • The action here is simple. The enemy of my enemy is temporarily my friend. M$ go get them or better yet fix your damn security. The last few days have spun some heads, that's for sure.

    • by Sloppy (14984)

      Microsoft products are lame compared to industry averages, and they use network effects to cause their lack of quality to not harm their marketshare. In other words, they're evil -- but it's a limited sort of evil. It's not like they 're shredding puppies. All they have done is retard progress in the computer industry, and perhaps (though unlikely) the computer state of the art.

      Whenever Microsoft is in court, though, I almost always root for them. Microsoft fucks with (or more often: gets fucked by) com [wikipedia.org]

  • by gpronger (1142181) on Friday September 18, 2009 @12:53PM (#29468955) Journal
    I suspect the the main hurdle will be at getting the individuals behind the businesses. Must admit that this is the first time I've read about this approach to malware distribution, but I may simply be out of the loop.

    Greg
    • by sexconker (1179573) on Friday September 18, 2009 @12:55PM (#29468987)

      I suspect the main hurdle here will be the court clerk reading "qiweroqw.com" aloud.

      • I suspect the main hurdle here will be the court clerk reading "qiweroqw.com" aloud.

        Kee-weh-roh-koo dot com, until corrected by a reputable witness. Perhaps some people who are linguistic Americans[1] might have trouble, but anyone exposed to other languages will try sounding out a word in all known languages at once, plus IPA notation.

        [1] In the sense of the old joke: The word for understanding three languages is trilingual, two languages is bilingual, one language is American.

        • Re: (Score:3, Insightful)

          by huckamania (533052)

          That would explain all the immigrants in the US that can't speak or learn English. They must have been kicked out of their own countries for not being bilingual. It's okay though, cause we provide them with translators (who must be imported from some other country).

  • by tetsukaze (1635797) on Friday September 18, 2009 @12:59PM (#29469049)
    These activties hurt Microsoft's reputation as well as being a huge burden to users of their products. Microsoft has the money and power to put the hurt on the bad guys. This is win win.
  • After these fuckers spending years creating malware that specifically target's microsoft products, I say: ITS ABOUT FUCKING TIME. Go microsoft!
  • by Yvan256 (722131) on Friday September 18, 2009 @01:18PM (#29469345) Homepage Journal

    Less malware = less infected Windows boxes = less useless traffic on the internet.

    Linux users should applaud this too.

    Of course BSD users can't applaud, because Netcraft confirmed they're dying.

  • Aside from customers perhaps decided to jump ship to a more secure OS, was Microsoft actually wronged in any direct sense here? Wouldn't they have to organize a class action for this to go anywhere?

    • by drosboro (1046516)

      Why do you need anything aside customers jumping ship from MS's OS? Seems to me that's grounds enough for a suit right there.

      • Why do you need anything aside customers jumping ship from MS's OS? Seems to me that's grounds enough for a suit right there.

        I was making the assertion in a sort of tongue in cheek way. Not only is it indirect and difficult to prove, it would also make for an altogether incredibly pathetic PR stunt. I'm questioning their intent to actually follow through with this beyond a fishing expedition.

    • Re: (Score:3, Interesting)

      by pdabbadabba (720526)

      Wouldn't they have to organize a class action for this to go anywhere?

      Probably not. This sounds like tortious interference to me. The theory is that Microsoft's interests are damaged by a third party interfering in its relationship with its customers. When it comes to calculating damages there are all sorts of theories you could use. As you say, any would probably start with lost customers, but you can also look at higher support costs, reduced sale of upgrades (moving to a non-MS OS is not necessary for MS to lose profits), stymied growth in market share, etc.

      Of course, if w

    • by ajlisows (768780)

      I really am not sure here, but perhaps the cost associated with creating patches for exploits could be thrown into the equation. It is a sort of backwards and stupid way of looking at things but if people did not spend time trying to exploit the insecurities of Windows to steal money or information from Windows Users, Microsoft would not have to spend money to fix these issues which have nothing to do with actual usability of the product. A security breach is only an issue if there are people out there wh

  • by Lord Ender (156273) on Friday September 18, 2009 @01:21PM (#29469401) Homepage

    Other stories have demonstrated that someone at Microsoft has finally recognized the threat of cloud computing. The apps which most people use today don't require Windows; they just require a browser. Since browsers are available on Linux and Apple systems, and these systems aren't plagued by the horrible malware situation of Windows, Microsoft has no choice but to attempt to clean up the malware situation. The alternative is a situation in which everyone who can get what they need from the cloud will have a strong incentive to move to MacOS or Linux.

    • Are you trolling for an "Insightful?"

    • Re: (Score:3, Interesting)

      by pdabbadabba (720526)

      I don't know if you're trolling or not, but I think you're almost certainly correct (and, btw, that your -1 Troll mod probably isn't fair). Though bear in mind that MS has always had an incentive to clean up the malware situation proportional to the risk of its customers defecting to another OS. The threat of cloud computing to them just cranks up the risk, and thus the incentive. Whether or not it definitively tipped the scales in this case is hard to know - maybe they would have gone ahead with this 5 yea

  • Hang on a minute... I want to comment but the original article is scanning my hard drive for viruses and I'm afraid of what might happen if I press back... better let finish to be safe.
  • My definition of malicious advertising is, perhaps, different from most. To me, nearly all advertising these days are a nuisance, a bother and do not show adequate respect for my eyes or my attention. I recall the earliest days of advertising on the internet and how angry it made people back then. It wasn't nearly as bad as it is now and look at how passive people have become toward it. (I guess it is rather like taxation... the tax rates and practices that lead to the U.S. Revolutionary War were nothin

  • by aussersterne (212916) on Friday September 18, 2009 @02:19PM (#29470183) Homepage
    I could not be more tired of phone calls from family, friends, and even colleagues that begin with a breathless version of "Hey I need your help I think my computer is totally virus infected I got this warning the other day that I had 2342384 viruses in all these folders and did I want to install a free tool to clean them up and I said okay and it installed but I think I was too slow because now my computer is really slow and keeps doing strange things and I get all of these porn popups?!?! I wish I had clicked yes to automatically download and install it faster, but I clicked yes as fast as I could what should I do now nothing is working and these naked lady popups just keep coming!!!!!?"
  • The words "malvertise", "malvertisement", "malvertising", and similar variants are registered trademarks of Microsoft Corporation. Slashdot's use of these words in this posting and accompanying comments are an infringement of Microsoft's intellectual property. Please remove all references to these words from this website, pending consideration for further action by our legal department.
    Thank You.
    Chairman, Bill Gates
      and "Flying Chair Man", Steve Balmer

  • ...used malvertisements ...that peddled scareware...

    I'm sick of these malvertisements peddling scareware, crapulizing the comfuser's failurating system. It's just not cromulent.

  • exhausted all technical options from some of the brightest and best engineers at redmond, Microsoft resorts to the time tested, tried and true method of problem solving: Throw money at it, and bleed it dry with lawyers.
  • This part could also describe MS's very own "Get The Facts" site.

    'used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users.'

    Their site does not distribute MS software, but it is nothing but lies and deception aimed at pulling the wool over unsuspecting internet users by scaring them into using Windows which leave them and their private more prone to every piece of malware going today, and the millions created from today onwards
  • I have to say that one thing I've always admired about Microsoft is how aggressive they are at going after spammers, malware creators, etc. It's easy to know who to root for in these cases.

This file will self-destruct in five minutes.

Working...