Saturday, May 19

Messenger pushes Rogue Antispyware

Rogue antispyware pushed by MSN Messenger

Microsoft IM tool carries ads for fake security product.

Microsoft's MSN Messenger, recently renamed MSN Live Messenger, was found last week to be carrying banner advertising for the WinFixer rogue anti-spyware product.

WinFixer, also known as ErrorSafe, uses fake warnings of malware infections to trick users into installing its software. Like many such rogue applications, installation may be limited to a low-grade malware scanner which blackmails victims into paying for a 'full version' to remove non-existent infections; more insidious rogue products also include downloader trojans to bring further unwanted adware and spyware onto compromised machines.

It is thought the advertising was sneaked past the MSN Messenger screening process by replacing a clean advertising stream. While some of the ads required the user to click on them to activate the attack, others are thought to have been capable of launching without user interaction. Microsoft has issued an official apology for the breach and has removed the ads from the Messenger product.

Internet Explorer expert Sandi Hardmeier has more details and screenshots at the SpywareSucks blog, here.

No comments: