Windows Live Messenger Displayed Malicious Ads

For several days Microsoft's messaging client was displaying banner ads that tried to implant a malicious software program on a user's PC causing security concerns. After acknowledging the incident Microsoft has removed the disturbing advertisements.

Microsoft spokeswoman Whitney Burk wrote in e-mail that her company investigated the reports right away and eliminated the offending ads, also because it violates their ad-serving policy, reports IDG News Service.

Computer security analysts found two advertisements for 'Winfixer' also referred to as 'ErrorSafe' on Windows Live Messenger. The banners residing in the Windows Live Messenger canvassed ErrorSafe, a security program that functions as a detector and rectifier of computer problems. But the software behaves notoriously when it installs, and very often so, without the users' consent. It also sets false security alarms with the intention to induce the user to buy a licensed copy of the application.

Most security vendors regard ErrorSafe and associated software like Winfixer as possibly undesirable software or a security threat.

Sandi Hardmeier who holds a Microsoft designation of Most Valued Professional - a designation assigned to those who've expert knowledge about its products - pointed out the problem to Microsoft. She said the ads that projected on Windows Live Messenger attempted two methods to make users install Winfixer on their PCs.

The first method used a pop-up window that offered to scan the machine for possible problems, according to Hardmeier. Based on the version of Internet Explorer that the PC ran, Winfixer would attempt to install itself via an ActiveX control, she said.

The second method used a banner ad that a user needs to click before accessing a Web site that offers free PC-Secure. Most security vendors have detected this program as Winfixer, said Hardmeier. Winfixer has many other names like ErrorSafe and DriveCleaner.

There is a suspicion that many organizations wrongly registered with the networks to supply Winfixer ads instead of the ones they originally agreed for, Hardmeier explained.

Banner advertisements offer malware authors a means to distribute their malicious code and exploit software vulnerabilities on trusted and prominent websites. The Windows Live Messenger case establishes the danger associated with such attacks.

Related article: Windows XP Fault Strike Firewall

» SPAMfighter News - 3/3/2007