MSN showing malware ads


I was setting up a new machine on Friday and I started Edge to download some applications that were needed.

It showed the MSN start page, as usual. I accidentally clicked on one of the stories on the MSN page (remote control with Teamviewer lagged) and it opened up the story, which was dominated with an “ad” showing a Windows 10 dialogbox style image, saying that Windows 10 was damaged and needed resetting and an OK button.

I quickly pressed Ctrl+W until all browser windows were closed and the AV scan afterwards showed now infection.

But WTF? Why is Microsoft’s default homepage pushing malware at its users?

Comments (12)

12 responses to “MSN showing malware ads”

  1. Piras

    Exact same thing happened to me yesterday!

  2. Paul Thurrott

    Weird. You mean ads have a downside? :)

  3. TheJoeFin

    Whoa that is a big flaw. Is it possible it was a Man-In-The-Middle attack?

  4. jimchamplin

    Rather frightening.

  5. infloop

    A likely case is that the ad server was compromised, therefore pushing it out to any browser that loads ads from it. Which means that big name sites like MSN end up with them on the page as well.

    Also, curious, are there not Group Policy settings available to control these features in Edge on Windows 10? I would think that corporate IT would want to set them to turn these off.

    • wright_is

      In reply to infloop:

      This was during initial set-up, before it was added to the domain.

      But what Group Policy setting stops a website from loading ads from a legitimate source?

      The problem is, either the ad server was compromised, or, more likely, the ad-vetting is so lax that someone just paid for an ad to display the malware download link.

      Google had a go at cleaning this up last year (I used to get such ads from Google, but for Windows XP).

      • infloop

        In reply to wright_is:

        Ah, I see, prior to adding to the domain.

        I meant Group Policy settings to change the home page or to turn off the stuff that is being thrown on the new tab page on browsers these days. Maybe it's just me but I always found those annoying and turned them off whenever I could. Homepage is set to about:blank or selecting Blank Page in the preferences, depending on the browser.

  6. waethorn

    Absolutely no surprise. After all, Windows 10 is turning into an advertisers paradise what with Microsoft selling out the platform to Amazon.

  7. James Burns

    Get a real browser and stay away from MSN. It's been crap for several years now.

  8. karlinhigh

    With all the hype about Big Data, Artificial Intelligence, Machine Learning, etc... WHY ON EARTH can't ad networks or browser makers block these things? Surely recognizing common pop-up methods with references to "support" for major tech companies isn't much harder than the ad-targeting work being done.