Bad Ad: Going After The Malvertising Threat

Posted by Tim Cranton 
Associate General Counsel

Today, Microsoft filed five civil lawsuits, the first of their kind against a nasty phenomenon known as malvertising. That’s the industry term for malicious online advertising. Microsoft works with the other leading providers of online ad platforms to mitigate the threat posed by malvertising, but we’re now taking that effort a step further.

Our filings in King County Superior Court in Seattle outline how we believe the defendants operated, but in general, malvertising works by camouflaging malicious code as harmless online advertisements. These ads then lead to harmful or deceptive content. For example, ads may redirect users to a website that advertises rogue security software, also known as scareware, that falsely claims to detect or prevent threats on the computer. Malvertising may also directly infect a victim’s computer with malicious software like Trojans – programs that can damage data, steal personal information or even bring the user’s computer under the control of a remote operator.

The lawsuits allege that individuals using the business names “Soft Solutions,” “Direct Ad,” “,” “ITmeter INC.” and “” used malvertisements to distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users. Although we don’t yet know the names of the specific individuals behind these acts, we are filing these cases to help uncover the people responsible and prevent them from continuing their exploits.

We hope that today’s filings will help deter malvertising in the future, but meanwhile, adopting a few good habits can help you avoid online scams and ensure the safest computing experience possible:

  • Make sure you’re using legitimate and up-to-date anti-virus, firewall and anti-malware/spyware tools.
  • Be extra cautious about offers to secure or scan your computer with security software or programs you don’t recognize.
  • Don’t give out personal information or credit card information unless you know the site is secure.

Microsoft works vigilantly, using both technology and the law, to fight illegal activity that undermines people’s trust in the Internet and online services. Today’s filings build on other recent actions we’ve taken against click fraud and instant messaging spam (aka “spim”).

This work is vitally important because online advertising helps keep the Internet up and running. It’s the fuel that drives search technologies. It pays for free online services like Windows Live, Facebook, Yahoo and MSN. Fraud and malicious abuse of online ad platforms are therefore a serious threat to the industry and to all consumers and businesses that rely on these free services.

We’ve posted copies of our court filings online:

• Microsoft Corp. and Microsoft Online Inc. v. John Does 1-20, d/b/a DirectAd Solutions: King Co. Superior Court Cause No. 09-2-34024-2 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a Soft Solutions, Inc. King Co. Superior Court Cause No. 09-2-34021-8 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a King Co. Superior Court Cause No. 09-2-34020-0 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a King Co. Superior Court Cause No. 09-2-34022-6 SEA

• Microsoft Corp. v. John Does 1-20, d/b/a ITmeter Inc. : King Co. Superior Court Cause No. 09-2-34023-4 SEA

We’ll continue to blog about efforts to find and fight cybercrime in all its forms. In the meantime, the Microsoft Advertising team has also posted some additional thoughts on this issue on its blog. And as always, please visit for more information about staying safe online.

Comments (15)

  1. Nurkoonsdaz says:

    The world was created by a single thought!  Nurkun dot com

  2. Anonymous says:

    Thanks for the above.  The first and last two PDF files are not opening.  Please re-upload? Thanks!

  3. Anonymous says:

    Excellent. Looking forward to seeing how this pans out.

  4. Anonymous says:

    Another "company" doing this is called RegTool, and I unwittingly subscribed to one of their services. I have paid for it and do not care about the money ($36.95) but I cannot get them out of my computer. I have had four different Microsoft technicians trying to no avail, and I am at my wit's end. They are predators, and even the service I paid for was sold fraudulently as nothing in it will work unless I purchase something else. These people should be in prison, not in my computer! I hope Microsoft will also take them to court.  Thanks for listening.

  5. Anonymous says:

    AWESOME!!  Clash of the Titans!  Evil battles evil!!  Stay tuned for action!    Hey, Microsoft.  If you stopped your marketing efforts, stopped the embrace-extend-extinguish, stopped the bogus research of "open source", you might find time to actually secure your operating systems.    Yeah, Win7 is the most secure operating system EVAH!!  Give it a few months….  Still got ActiveX???

  6. Anonymous says:

    Jeannette Mulvaney – google Trinity Rescue Kit.  Linux is capable of rescuing broken Windows installations.  Since you were capable of posting a coherent problem, I'll assume that you are capable of reading directions, then entering a few commands in a terminal.  Trinity is easy – give it a try.

  7. Anonymous says:

    I seriously hope Microsoft wins this battle, although they serve the biggest malware themselves (ActiveX)

  8. Anonymous says:

    While I applaud MS for doing this, I have to ask ( since the judge will ) what standing does MS have to do this?  

  9. Anonymous says:

    I spent the morning trying to remove "Total Security" from my girlfriend's PC.     For the sake of PC users everywhere, I hope MSFT nails these guys and they go to jail. Here's my rant + instructions on how to remove the program:…/malware-scareware

  10. Anonymous says:

    Why not go after the money trail to find these guys? Create a tracing purchase and follow the money trail through the credit card companies into the criminal's bank accounts.    You have to agree that these criminals are breaking their use-agreements with the credit card companies by committing criminal consumer fraud.  The credit card companies can shut these down anytime they want if they are identified.

  11. Anonymous says:

    I think that this should be addressed at the ad server level.  All ad server providers (Eyeblaster, Atlas, Doubleclick, etc) should increase scanning of the content that they are delivering to various websites.  Also ad networks, such as AdBrite, Tribal Fusion, etc, should also be scanning what goes through their systems.  These scans should be done frequently as someone could provide an ad tag for their campaign on one of these services or networks, which would initially deliver a legitimate ad, but can be changed later.  It can be a huge problem for the advertising industry.  They need to concentrate more on security and not just the money they stand to make.  Bottom line this hurts websites trying to make some advertising dollars and ultimately the end user who gets stuck with the malware on their computer.

  12. Anonymous says:

    Nice article you got here. It would be great to read more concerning this theme. Thanks for posting this data. BTW I'm curious to know how much you earn on-line. Well, you know for advertising, reviews and so on.  Jane Sendrich  program income

  13. Anonymous says:

    These people should be in prison, not in my computer! I hope Microsoft will also take them to court.

  14. Anonymous says:

    I'm glad you wrote this. From the American perspective it seems so black and white.

  15. Anonymous says:

    These people should be in prison, not in my computer! I hope Microsoft will also take them to court.