Microsoft falls victim to shady 'scareware'

Microsoft said it moved quickly to remove a banner advertisement that appeared on its instant-messaging program for a software application that falsely hypes security threats on a user's computer.

"We immediately investigated the reports and removed the offending ads, as this is a violation of our ad-serving policy," wrote Microsoft spokeswoman Whitney Burk, in an e-mail Tuesday.

Last week, computer security analysts noticed two advertisements for Winfixer -- a self-described security program that also goes by the name ErrorSafe -- on Windows Live Messenger.

Security companies have labeled it as a "potentially unwanted program." They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called "scareware," whose creators try to bully users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer "malware," did not detail how the ads appeared. However, the Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable ads promoting spyware and other malicious software have appeared on ad networks.

The incident highlights how even a well-resourced company such as Microsoft can be vulnerable to the vagaries of complex associations of Internet advertising networks.

"There are often a host of parties involved in the advertising chain, making it difficult to track the journey an advertisement takes from its original source to a user's computer," according to a CDT report released last year.

It's extremely hard to police advertisements, as the organizations which supply them could suddenly substitute new ones, said Graham Cluley, senior technology consultant for Sophos, a security software company.

"There remains a risk that advertisements may be vetted and approved when first placed with an advertising network only to be later 'updated' to advertise less savory products," Cluley said. "This isn't just a problem for Microsoft, it's a problem for any company which is delivering advertisements to its userbase."

The U.S. Federal Trade Commission (FTC) has undertaken several actions against companies that have created special programs designed to exploit security vulnerabilities in computers, that -- like Winfixer -- purport to repair the machine.

The Winfixer incident sparks concerns over user security and could be especially important for Microsoft. The company seeks to use advertising to subsidize the cost for free services such as Windows Live Mail, formerly Hotmail, and other Web-based services it's using to compete with online offerings from Google.

"For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware," wrote Sandi Hardmeier, a Microsoft Most Valued Professional and specialist in Internet Explorer, on her blog. "Now, everything has changed. This simply shouldn't have happened."

The IDG News Service is a Network World affiliate.