Microsoft awards MVP to 'adware' distributor

Microsoft has come under fire for naming the developer of a program that can install adware on user's PCs as one of its Most Valued Professionals.

MVPs are people with deep knowledge of Microsoft products who volunteer to answer technical questions for other users or contribute to its software in significant ways. It's a prestigious recognition, with only about 2,600 MVPs worldwide.

Microsoft recently added Cyril Paciullo to its MVP list. He's the developer of Messenger Plus, a free plug-in that adds some handy features to Microsoft's Windows Messenger program, like the ability to stack several chat windows together and access them via tabs.

But security experts say his software is also a distribution vehicle for Lop, which they describe as a nasty adware program.

"Bottom line is, Microsoft are rewarding someone that has an active involvement with one of the most maligned names in PC hijacking," said Christopher Boyd, a Microsoft Security MVP who's also director of malware research for FaceTime Security Labs. "If that isn't booberific, I don't know what is," he wrote in his blog.

Lop is a family of adware programs which will, among other things, generate pop-up advertisements and install misleading icons on a user's desktop, according to Sunbelt Software Inc., a security company that also noted Paciullo's MVP award with interest.

Messenger Plus does provide users with the option to not install its accompanying "sponsor program." But Pacuillo's involvement with adware makes his MVP appointment questionable and also devalues the program, critics said.

"Yeah, it now gives you an option as to whether you want to install it or not -- but that's hardly the point, is it?" Boyd wrote.

"Note that he does give the option to infect your machine (and quite politely, at that). But it’s still Lop," Sunbelt Software said.

Paciullo, who goes by the alias Patchou, could not be reached for comment on Friday. He says in a frequently asked questions section on his Web site that the sponsor program is not dangerous and can be uninstalled easily. He acknowledges that some adware programs flag his software, but says that's because they can't distinguish between "a clean adware solution and nasty spyware."

Microsoft also did not immediately comment. It's own malware protection engine flags Messenger Plus as a threat, according to Boyd.

Paciullo is not new to criticism. His software has been a target for another Microsoft Security MVP, Sandi Hardmeier, who runs a blog called Spyware Sucks.

Paciullo has made some changes to Messenger Plus in response to Hardmeier's criticisms, Hardmeier wrote in her blog. Version 3.63, introduced April, no longer installs a toolbar and resets the browser home page, she said. But it does generate pop-up windows that try to install Active X controls on a PC, she said, including one that's known to use rootkits, making it still "malware" in her book.