Microsoft sues scareware scammers

The lawsuit comes just days after the NY Times was hit with scareware ads

Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.

The company is suing DirectAd Solutions, Soft Solutions,, and ITmeter, saying that these companies have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users," according to a blog posting by Tim Cranton, associate general counsel with Microsoft.

Scareware is malicious or ineffective software. It's so named because buyers are usually scared into buying it with fake messages that tell them that their computer has been infected.

These products have been around for years, but in the past few months they've become a major problem. Over the weekend, The New York Times was tricked into running a scareware ad on its site by scammers pretending to be with Vonage, a legitimate telecommunications company.

But scareware ads are popping up everywhere these days, security experts say. "These guys have decided to go full-court press on this, because it's obviously very profitable," said Paul Ferguson, a researcher with antivirus vendor Trend Micro.

Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue.

When the victim pays, the scammers then deliver useless or even malicious software. Often, they also use the victim's credit card number for further fraud or try to hack into the machine.

In addition to pushing malicious ads, these scammers have also been poisoning Google search results lately.

To do this, they keep track of hot search topics and then use search engine optimization techniques -- using software to create a bunch of links to their malicious pages -- so that their pages come up first in search results.

When the victim clicks on the fake search result, they're taken to a Web site that pops up the fake scareware system scan.

Recently, they've hijacked search results relating to South Carolina Congressman Joe Wilson, the U.S. Open tennis tournament and actor Patrick Swayze.

Sometimes they are very localized, too.

"When Seattle was having a heatwave this past summer they hijacked search results for Seattle weather," said Katherine Tassi, assistant attorney general with the Washington State Attorney General's Office.

Her office sued a Texas company for allegedly supplying rogue antivirus software back in September 2008. That company has since gone out of business, she said.

Today most scareware sellers operate outside the U.S., making it hard to stop them, Tassi said. "Certainly on a state level, it's become virtually impossible."

"They're multimillion-dollar enterprises, they're criminal in nature, and they span multiple continents," she said.

Microsoft's lawsuits are so-called John Doe suits, meaning the company does not know who is behind these companies but hopes to discover the perpetrators as it continues to investigate.

Nevertheless, Cranton wrote that Microsoft hopes that the "filings will help deter malvertising in the future."

Join the CSO newsletter!

Error: Please check your email address.

Tags ScarewareMicrosoftlegallawsuitsscams

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts