James Delahunty
18 Sep 2009 3:24
Microsoft Corp. has filed a number of lawsuits against companies that use malicious advertisements in order to trick Windows users into installing useless "security" software. Scareware ads generally appear as system scan utilities, which report that they have found critical problems, and suggest the user simply "click to fix the problem". On click, the user is brought to a website selling fake anti-malware utilities.
In many cases, the software they receive is not only fake, but malicious in nature. The credit card numbers used to buy the software are then often used for fraudulent purposes later on or sold on to scammers, along with all the personal information offered up by the concerned victim. Recently, the New York Times website was tricked into running a scareware advertisement, which made headlines.
"These guys have decided to go full-court press on this, because it's obviously very profitable," said Paul Ferguson, a researcher with antivirus vendor Trend Micro. Microsoft's round of lawsuits target DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter, but they are "John Doe" lawsuits - that is Microsoft of the identities of the owners yet.
In addition to the "malvertising", the same groups behind the phony software are now also using software to manipulate Google search results. Recent targets concerned sear terms leading to information about U.S. Republican Congressman Joe Wilson (the "You Lie!" guy), the U.S. Open tennis tournament and recently-deceased actor Patrick Swayze.