
Spyware installer hides in Messenger ad banner

Milan on 17 February 2007 - 16:35 · 27 comments & 25107 views

The banner itself appears to advertise and link to a download called Free PC-Secure (which is unfamiliar to us), but the real problem is that its appearance automatically launches a Windows dialog box telling you that "Your system is not clean" and asking whether "you want to download System Doctor to improve it." This is the typical hoax message that tries to download a malicious ActiveX control even if you click "Cancel" in a fruitless attempt to ignore it.

The conclusion here is that a nasty spyware ad seems to have infiltrated Microsoft's banner advertising network because one of their clients is making use of some HTML code trickery.

We advise everyone to pay strict attention when they receive such a message window out of the blue. Cancel any initiated downloads and close the pop-ups/browser instances it launches. The animated banner in the screenshot below (showing two random frames) is the cause of the unsolicited Windows prompt. The bottom image shows the deceitful message on the page that is automatically opened no matter your choice in the dialog window.

News source: Mess.be

Comments · There are 27 additional comments
#1 Gary_Player on 17 Feb 2007 - 17:02
damn teh haxorz
(3 replies) #2 +M2Ys4U on 17 Feb 2007 - 17:03
It's good that I've used A-Patch to remove the ad banners then eh?
#2.1 Tantawi on 17 Feb 2007 - 17:22
A-Patch FTW!
#2.2 Helba on 18 Feb 2007 - 00:01
Hm... I was hoping there was a tool to do this, but I've never heard of one.

I think I'll go find this mythical 'A-Patch.'

Thankss.

Edit: Man, that's bangin' and rad! Thanks for mentioning the utility

Last edited by Helba on 18 Feb 2007 - 00:08
#2.3 PTX on 18 Feb 2007 - 13:36
Quote - (Helba said @ #2.2)
Hm... I was hoping there was a tool to do this, but I've never heard of one.

I think I'll go find this mythical 'A-Patch.'

Thankss.

Edit: Man, that's bangin' and rad! Thanks for mentioning the utility

www.mess.be has a lot of stuff for WLM
#3 aldrlandon on 17 Feb 2007 - 17:08
Yeah, why haven't people removed the banners yet anyways?? But it seems like Microsoft has got a problem on their hands if this wrecks a bunch of people's computers.
(2 replies) #4 obsolete_power on 17 Feb 2007 - 17:12
Well I am not going to ignore it because it removes the Messenger ad and as far as I'm concerned.....that's a good thing.
#4.1 dandin1 on 17 Feb 2007 - 17:59
I don't really understand your message. If you're implying that the spyware removes the messenger banner ad, then you're horribly wrong: It hides in the ad. Even if it did remove the ad, it's still spyware!
#4.2 obsolete_power on 18 Feb 2007 - 09:09
My bad, I misread the article
(1 reply) #5 Fubar on 17 Feb 2007 - 17:59
mess patch ftw
#5.1 dandin1 on 17 Feb 2007 - 18:00
<3 mess+plus!=the way msn should be.
(3 replies) #6 ThaCrip on 17 Feb 2007 - 20:32
i aint gotta worry about this since i dont use the official MSN client... im using GAIM.
#6.1 Laser_iCE on 18 Feb 2007 - 01:31
Thank you... I'll be able to sleep much easier tonight now that I know this.
#6.2 jago_lfn on 18 Feb 2007 - 05:56
Trillian here =)
#6.3 mr_da3m0n on 18 Feb 2007 - 06:26
Quote - (Laser_iCE said @ #6.2)
Thank you... I'll be able to sleep much easier tonight now that I know this.


I will sleep much easier tonight knowing that you cannot interpret such facts as some sort of unforced advice.
#7 Sunny69 on 17 Feb 2007 - 20:53
This reminds me of something that happened last year... Only now there is no status to revoke...will those/that MVP(s) respond the same this time round....and will Microsoft love that MVP for it? Is this the end of the WLM sponsor?

Last edited by Sunny69 on 17 Feb 2007 - 21:07
#8 Helba on 18 Feb 2007 - 00:00
Hmmm...

Well, maybe if MS would stop planting ads in their god damned messenger this wouldn't be a problem!

That has bugged me since day one. It's sort of funny that it's caused a problem now.

#9 MightyJordan on 18 Feb 2007 - 00:10
Decision time! Which is the better patch? Mess Patch, or A-Patch? I can't decide which one to use. But since I don't really use WLM, I'm not really in any hurry.
(1 reply) #10 Croquant on 18 Feb 2007 - 01:02
This is why I use Adblock Plus.
Well, that and I don't need to be seeing more useless banner ads.
#10.1 linx05 on 18 Feb 2007 - 07:00
Gee I didn't know AdBlock Plus interacted in Windows Live Messenger/MSN Messenger?
#11 eilegz on 18 Feb 2007 - 03:29
mess patch save us really
#12 Quick Reply on 18 Feb 2007 - 04:58
Microsoft should take ultimate responsibility to repair the damage done to their customers' systems, as many would be unaware of what they have done. Add it to the Malicious Software Removal Tool, and then require an MSRT scan before WLM installation (And then force a WLM update)?
(3 replies) #13 Patchou on 18 Feb 2007 - 07:14
Note: be careful when thinking that those various advertisement patches protect you against this flaw. Many of these patches just hide the advertisement in the contact list. The associated IE control is still there so you'll still get the same issues as the Winfixer popups will still be invoked from the IE control and those won't be hidden.
#13.1 slysy on 18 Feb 2007 - 19:15
From mess.be:

Quote -
While this would be an excellent opportunity to promote our Mess Patch for its ad-removal option, it is unfortunately no cure against the automated pop-up. Sandi recommends that MSN/Windows Live Messenger users download and install Mike Burgess's HOSTS file to help block Winfixer and other scum.
#13.2 dandin1 on 19 Feb 2007 - 01:12
#13.3 Slugbait on 19 Feb 2007 - 07:24
I've been using the HOSTS file from MVPS for several years now, and I use it on all of my family members' machines (none of them have a clue about safe surfing). I consider it the single most important part of my security bulkhead...even more important than an anti-virus program.

Note that Messenger's ads banner will change into a 404 page after modifying your HOSTS file. After this, I suppose it's safe to use an add-on program to remove the banner section entirely.

If using an NT-based operating system, be sure to shut down and disable the DNS Client...otherwise, you may see a very significant decrease in system performance (no problemo with 9x-based systems).
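
Added example, not part of the original article or comment thread: a small Python audit of a HOSTS file of the kind recommended in comments #13.1 and #13.3, reporting which hostnames are actually sinkholed. The sample file and the `.example` hostnames are constructed placeholders (the page names no ad-server domains); it also shows that HOSTS entries match exact names only, so a subdomain of a blocked name is not covered.

```python
import ipaddress

# Constructed sample HOSTS content (not the MVPS list); .example names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
0.0.0.0     ads.banner.example  track.banner.example   # two names on one line
127.0.0.1   POPUP.scareware.example
192.0.2.10  intranet.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return {hostname: address} for each well-formed entry."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address: ignore the line
        for name in fields[1:]:
            # Hostnames compare case-insensitively; keep the first entry seen.
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def is_sinkholed(table, hostname):
    """True only if this exact name maps to a loopback or unspecified address."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def audit(text, hostnames):
    """Map each hostname to whether the HOSTS text sinkholes it."""
    table = parse_hosts(text)
    return {h: is_sinkholed(table, h) for h in hostnames}

if __name__ == "__main__":
    wanted = ["ads.banner.example", "track.banner.example",
              "popup.scareware.example", "cdn.ads.banner.example",
              "intranet.example"]
    for host, blocked in audit(SAMPLE_HOSTS, wanted).items():
        print(f"{'BLOCKED' if blocked else 'NOT BLOCKED':12} {host}")
```
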
#14 franzon on 19 Feb 2007 - 13:38
malware installation attempts were in neowin's banners too:
http://www.neowin.net/forum/index.php?show...=516958&hl=
and
http://www.neowin.net/forum/index.php?show...#entry588252277

Why didn't neowin publish news about problems on its own site?

Last edited by franzon on 19 Feb 2007 - 13:50
