Microsoft Gives ‘Adware’ Distributor MVP Status

Microsoft has come under fire for naming the developer of a program that can install adware on users’ PCs as one of its Most Valued Professionals.

MVPs are people with deep knowledge of Microsoft products who volunteer to answer technical questions for other users or contribute to its software in significant ways. It’s a prestigious recognition, with only about 2,600 MVPs worldwide.

Microsoft recently added Cyril Paciullo to its MVP list. He’s the developer of Messenger Plus, a free plug-in that adds some handy features to Microsoft’s Windows Messenger program, like the ability to stack several chat windows together and access them via tabs.

But security experts say his software is also a distribution vehicle for Lop, which they describe as a nasty adware program.

“Bottom line is, Microsoft are rewarding someone that has an active involvement with one of the most maligned names in PC hijacking,” said Christopher Boyd, a Microsoft Security MVP who’s also director of malware research for FaceTime Security Labs. “If that isn’t booberific, I don’t know what is,” he wrote in his blog.

Lop is a family of adware programs that will, among other things, generate pop-up advertisements and install misleading icons on a user’s desktop, according to Sunbelt Software, a security company that also noted Paciullo’s MVP award with interest.

Messenger Plus does provide users with the option not to install its accompanying “sponsor program.” But Pacuillo’s involvement with adware makes his MVP appointment questionable and also devalues the program, critics said.

“Yeah, it now gives you an option as to whether you want to install it or not—but that’s hardly the point, is it?” Boyd wrote in his blog.

“Note that he does give the option to infect your machine (and quite politely, at that). But it’s still Lop,” Sunbelt Software said.

Paciullo, who goes by the alias Patchou, could not be reached for comment on Friday. He says in a frequently asked questions section on his website that the sponsor program is not dangerous and can be uninstalled easily. He acknowledges that some adware programs flag his software, but says that’s because they can’t distinguish between “a clean adware solution and nasty spyware.”

Microsoft also did not immediately comment. Its own malware-protection engine flags Messenger Plus as a threat, according to Boyd.

Paciullo is not new to criticism. His software has been a target for another Microsoft Security MVP, Sandi Hardmeier, who runs a blog called Spyware Sucks.

Paciullo has made some changes to Messenger Plus in response to Hardmeier’s criticisms, Hardmeier wrote in her blog. Version 3.63, introduced in April, no longer installs a toolbar and resets the browser homepage, she said. But it does generate pop-up windows that try to install Active X controls on a PC, she said, including one that’s known to use rootkits, making it still “malware” in her book.

SunBelt’s posting can be located here.

Boyd’s posting is here.

Hardmeier’s posting is available here.

-James Niccolai, IDG News Service (Paris Bureau)

This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.