Microsoft declares war on 'scareware'
Ads for bogus security software are popping up everywhere. Microsoft and the FTC are fighting back, but jaded old geeks need to do their part, too.
Follow @ifw_cringelyA couple weeks back the digital version of the New York Times found itself hip deep in manure when it got tricked into serving up "scareware" ads to unsuspecting readers.
You know the scam. You're merrily surfing the Web when suddenly a window pops up: "Your computer is infected with malware, but if you send us $49.95 we'll clean it right up for you." Of course, there is never any malware. Nothing happens save for the bank draft. And then they'll scam you again in a few months with ads for another bogus product.
[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
Usually these ads are the result of a malware infection itself, or something that sites serve up when you cruise the Net's dark and dirty underbelly -- or so I've heard, as I've never been there myself ;). Inserting them into the ad servers of a trusted site, though, was a stroke of malevolent genius.
According to the Times' Ashlee Vance, an ad for the "Personal Antivirus" scanner showed up inside readers' browsers instead of the legit ad the Times thought it had sold:
The creator of the malicious ads posed as Vonage, the Internet telephone company, and persuaded NYTimes.com to run ads that initially appeared as real ads for Vonage. At some point, possibly late Friday, the campaign switched to displaying the virus warnings.
Because The Times thought the campaign came straight from Vonage, which has advertised on the site before, it allowed the advertiser to use an outside vendor that it had not vetted to actually deliver the ads, Ms. McNulty said. That allowed the switch to take place. “In the future, we will not allow any advertiser to use unfamiliar third-party vendors,” she said.
