Windows Live Messenger ads serve up malware

By

Rogue banner ads slip through safety net.

Windows Live Messenger ads serve up malware
Microsoft's messaging client for several days has displayed banner ads that attempted to install malware on user's systems.

Microsoft has acknowledged the incident and has removed the offending advertisements.

"We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again," Whitney Burk, a PR manager with Microsoft said in an emailed statement.

The banners inside the Windows Live Messenger advertised Errorsafe, an application that claims to detect and repair computer problems. The software is notorious because it often gets installed without the user's permission and because it presents false security warnings that are intended to make the user purchase a licensed copy of the software.

Most security vendors list Errorsafe and related software such as Winfixer as a potentially unwanted program or a security risk.

"This is very bad news for users of MSN Messenger, and for MSN and Microsoft, " Sandi Hardmeier, a Microsoft 'MVP' wrote on her Spyware Sucks blog.

Security experts in the past have pointed to banner advertisements as a potential way to distribute malware and exploit software vulnerabilities. They offer malware authors a potential way to post their attack code on trusted, mainstream websites.
The Windows Live Messenger incident further confirms the risk of such attacks.

"I am struggling to express how upset, and disappointed, and worried, I am that this has happened. For years I have been holding up MSN Messenger banner advertisements as an example of how advertisements can be safely served up to end users without putting them at risk of malware."

"Now, everything has changed. Users have been put at direct risk through no fault of their own and they can't avoid the MSN banner advertisements when the contact pane is open without using a third party hack that is ethically wrong to use," Hardmeier concluded.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
livemalwaremessengersecurityserveupwindows

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
WestJet probes cyber security incident

WestJet probes cyber security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?