Scareware

Winfixer and Windows Live Messenger

Has anyone ever had Winfixer on one of their computers? I have, and it is an ugly thing. I have NO idea where it came from. I don’t usually download stuff off of the net, so it had to be a website I visited, and I don’t normally just go surfing; I check a few news sources, and most of the time nothing spammy is ever listed. Anyway, I removed it using Ewido Antispyware but still ended up reloading the operating system because it was so hard to get rid of. I wouldn’t have been at all surprised if it had opened some security holes and left other exploitable stuff lying around.

The malware commonly known as Winfixer aka Errorsafe is being distributed via MSN Messenger banner advertisements. This has been reported to secure@microsoft.com and they and the MSN ads team investigated and removed the ads.

Microsoft has issued an official statement as follows:

“Microsoft was notified of malware that was being served through ads placed in Windows Live Messenger banners. As a result of this notification we immediately investigated the reports and removed the offending ads, as this is a violation of our ad serving policy. We can confirm that the ads are no longer being served by any Microsoft system. We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again. To help customers protect their PCs from malware threats, Microsoft recommends customers follow our Protect your PC guidance at www.microsoft.com/protect.” – Whitney Burk, Microsoft. Source: WARNING: Winfixer and Errorsafe being distributed via MSN Messenger banner advertisements

An article at Infoworld called Winfixer scareware because most of the time it is advertised using popup banners telling you that you are infected and to click here to scan or remove. You know the ones: banners that look like system prompts from Windows and trick new users into clicking on them and installing this crap.

Security companies have labeled it as a “potentially unwanted program.” They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called “scareware,” whose creators try to bully users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer “malware,” did not detail how the ads appeared. However, the Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable ads promoting spyware and other malicious software have appeared on ad networks. Source: Microsoft falls victim to shady ‘scareware’

They removed the ads as fast as they could, which is good, but how do they stop this in the first place? It certainly is hard to do. There are so many players involved when something like this happens that it can be hard to track, but not impossible. There is always a money trail: somewhere, somehow, they are making money, and no matter how hard they try to hide, it is usually possible to track them. It is very easy for someone to place an ad with a network and later change what is being displayed, where the user lands, or make it pop up other sites; there are many ways to get an ad approved and change it later to the malicious code or website.

The Infoworld article has a few comments from our favorite spyware slayer, and kung fu master Paper Ghost, and he says the Winfixer operation is probably very complicated.

Posted by Jimmy Daniels - February 22, 2007 at 5:36 am

Categories: Scareware, Security