Malware found in Windows Live Messenger ads

Microsoft's Windows Live Messenger client displayed banner ads for several days that attempted to install malware on users' systems. 

The software giant has acknowledged the incident and removed the offending advertisements.

"We apologise for the inconvenience and are reviewing our advertisement approval process to reduce the chance of an occurrence such as this happening again," Whitney Burk, a PR manager with Microsoft, said in an emailed statement.

The banners inside Windows Live Messenger advertised Errorsafe, an application that claims to detect and repair computer problems.

The software is notorious because it often gets installed without the user's permission, and presents false security warnings intended to persuade the user to purchase a licensed copy of the software.

Most security vendors list Errorsafe and related software such as Winfixer as a Potentially Unwanted Program or a security risk. 

"This is very bad news for users of MSN Messenger, and for MSN and Microsoft, " Sandi Hardmeier, a Microsoft Most Valuable Professional, wrote on her Spyware Sucks blog. 

Security experts have pointed to banner ads as a potential way to distribute malware and exploit software vulnerabilities. The ads offer malware authors a way to post attack code on trusted mainstream websites.

The Windows Live Messenger incident further confirms the risk of such attacks.

"I am struggling to express how upset and disappointed and worried I am that this has happened," Hardmeier wrote.

"For years I have been holding up MSN Messenger banner ads as an example of how ads can be safely served to end users without putting them at risk of malware.

"Now everything has changed. Users have been put at direct risk through no fault of their own and they cannot avoid the MSN banner ads when the contact pane is open without using a third-party hack that is ethically wrong to use."

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!