Microsoft Goes After Malicious Ad Suppliers

If you visited the New York Times website last week, you may have been surprised to have your browsing interrupted by one of those scammy “we’re scanning your computer for viruses OH NO YOU HAVE A VIRUS!” ads that overtake your window. Now Microsoft has filed 5 lawsuits in an attempt to fight back against the jerks who may have been responsible for it, and certainly for other ads like it all over the web.

If you didn’t visit nytimes.com over the weekend, here’s what happened: the paper reported on Monday that they’d essentially been tricked, by someone who knew how to game their oversight policies, into displaying malicious ads to some users who visited the site.

The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.

Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. “In the future, we will not allow any advertiser to use unfamiliar third-party vendors,” she said.

Security consultant Dancho Danchev thinks that a particular, sophisticated crime group was behind the ad, which happens to be the same group that Microsoft filed 5 lawsuits against in Seattle’s King County Superior Court earlier this week.

The lawsuits allege that an unknown number of individuals using various business names distributed malicious software through Microsoft AdManager, the company’s online advertising platform.

[...]

Click Forensics, a company that tracks click fraud, on Thursday said that it had discovered a 200,000 computer botnet — a group of compromised computers harnessed to work in unison — linked to the Microsoft lawsuits. In a blog post, Steve O’Brien, VP of sales and marketing at Click Forensics called it “one of the most advanced sources of click fraud we’ve seen.”

The botnet, known as the “Bahama botnet” because it at one time directed online traffic through computers in the Bahamas, is believed to be linked to the malicious advertising that appeared on the New York Times Web site several days ago, according to O’Brien.

Although O’Brien suggests that the cyber crime group believed to be responsible is located in Ukraine, Richard Boscovich, senior attorney at Microsoft for Internet safety enforcement, said in a phone interview that it’s not clear where the people responsible are located.

“Microsoft Files Five Lawsuits To Halt Malicious Advertising” [InformationWeek]
“Times Web Ads Show Security Breach” [New York Times]