Microsoft Goes Hunting for Malvertisers. Are They the Same Guys Who Hacked the New York Times?
The hackers who duped the New York Times (NYT) into serving a bogus ad last week may be part of a growing trend. Or they may just be very active: Microsoft says it has been hit by a similar attack and is suing the people behind it.
But first the company needs to figure out who the culprits are.
Microsoft (MSFT) has filed five so-called “John Doe” civil suits against the hackers, whom it can’t identify yet. Redmond accuses the unknown attackers of a variety of crimes, from fraud to copyright infringement; it says it hopes the filings will “deter malvertising in the future.” (See full text of the complaint below.)
There’s a decent chance that the Microsoft bad guys are, in fact, the same guys who hijacked the Times last weekend. The methodology they used to get the ads onto Redmond’s MSN publishing network seems similar, and so does the fake “virus detected” warning the ads use to confuse surfers.
And, intriguingly, online ad monitor Click Forensics says it thinks it has identified a link between the malware that the Times served up and the stuff that the Microsoft attackers were trying to distribute. The company also thinks the two attacks are connected to a click fraud ring it has dubbed the “Bahama Botnet.”
Even if Microsoft does end up getting its hands on these guys, I think we’ll be seeing more of this stuff. Since the Times story broke last weekend, I’ve been talking to a variety of ad tech experts about the incident. And it sounds as if the technique the hackers used to compromise the paper – essentially, passing themselves off as legitimate advertisers – will be very difficult to stop if someone is determined to use it.
The best solution I’ve heard so far: Monitoring systems that can quickly detect an attack and warn publishers that they’re running malvertisements. It’s unclear how long the bogus Times ad stayed up, but the fact that it got switched on over the weekend indicates that the attackers assumed the paper would be slow to react.