dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
14936
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

Adware Vendors Running for Cover...

Hi All:

I want to call your attention to two new articles on an issue that's becoming increasingly important for us to follow. As you know, Aluria Software recently announced a partnership with the well-known adware distributor WhenU (see »WhenU Enters the Anti-Spyware Market for information and commentary on that arrangement). Aluria has been vigorously defending that decision, as has one of its more prominent affiliates.

That an anti-spyware vendor would even consider partnering with an adware vendor is shocking enough. The Aluria/WhenU deal is but one symptom of a larger problem that's starting to emerge, however: adware vendors trolling the anti-spyware scene for partners to do similar deals in order to gain the protection of an anti-spyware entity and bask in the good PR that they hope would accompany such a deal. Fortunately, only Aluria has succumbed to the temptation, to our knowledge, but other anti-spyware firms and web sites have been approached.

See first Wayne Porter's new article at Xblock.com, in which he relates the offers made to Xblock (makers of X-Cleaner):

Why We Won't Do Adware
»www.xblock.com/articles/ ··· hp?id=62

Next, see Suzi's new blog entry at Spyware Warrior for the larger picture:

Adware Companies Courting Anti-Spyware Companies
»netrn.net/spywareblog/ar ··· mpanies/

Both articles should make you sit up in your chair. This is a story that bears watching, because the integrity and trustworthiness of anti-spyware tools is absolutely critical to users of the internet anymore. We should feel thankful that most in the anti-spyware scene have resisted the temptation to seize the opportunity for an additional, potentially lucrative revenue source and elected instead to stick to their principles.

Best,

Eric L. Howes

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy

Premium Member

Re: Adware Vendors Seeking New Partnerships...

To me, "running for cover" implies a retreat.
On the contrary they are obviously seeking a higher profile.
From the first link, this sentence that's admittedly out of context & somewhat clarified later made me sit up & pay attention. "This doesn't mean one should not have partnerships, but we would never partner with a company that was using security holes to install their software, or, as the case may be, using affiliates to exploit the security holes and reaping the benefits while claiming innocence"
That sentence doesn't give me a very warm, cozy feeling regardless of how it's clarified.
I was expecting to see a
"We would never partner with an adware company" with a BIG period at the end. I didn't see one.

dp
MVM
join:2000-12-08
Greensburg, PA

dp to eburger68

MVM

to eburger68

Re: Adware Vendors Running for Cover...

said by eburger68:

Both articles should make you sit up in your chair. This is a story that bears watching, because the integrity and trustworthiness of anti-spyware tools is absolutely critical to users of the internet anymore. We should feel thankful that most in the anti-spyware scene have resisted the temptation to seize the opportunity for an additional, potentially lucrative revenue source and elected instead to stick to their principles.
Thanks for the feedback Eric. We have not heard the last of this as more and more of these 'deals' may potentially surface in the coming months so the quote 'Unfortunately it gets harder and harder for consumers to figure out who the enemy really is' couldn't be more accurate.

muf9
Captain of the axe
Premium Member
join:2003-01-04
uk

muf9 to eburger68

Premium Member

to eburger68
Very scary indeed. Will the vendors offering free Anti-Spyware application's be able to resist what could be a lucrative offer? Will the smaller Anti-Spyware vendors be able to resist? It must be a difficult situation to be put in where you have very low income from a renowned application. Then get offered a deal which could harvest a lot of revenue. I certainly hope they can resist. All the more reason for making donation's/purchasing application's instead of taking a free ride. If we paid for the application's we use and trust then the temptation wouldn't even be there.

muf
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

SnowyOne:

I think the title makes the point perfectly clearly: "Why We Don't Do Adware." Also, the sentence right after the passage you quote does expand to include advertising software (that is to say, adware) more generally.

Best,

Eric L. Howes

NetWatchMan
Premium Member
join:2001-03-13
Alpharetta, GA

NetWatchMan to eburger68

Premium Member

to eburger68
Forget about overt partnerships...I have personally analyzed a number of supposed anti-adware utilities which are paying adware companies to advertise their products.

For example on adware I recently installed in my lab (distribution was via IE exploits, BTW)...immediatley does a browser hijack which then issues a search to their search engine for 'spyware'...the top returning site: StopZilla

NOT a coincidence I say.
bedelman0
Premium Member
join:2004-06-20
Cambridge, MA

bedelman0

Premium Member

Are anti-spyware pgms paying spyware pgms for ads?

NetWatchMan, I've observed the kind of rseult you describe. Receive a spyware program, it opens search engine results pages for "spyware", and legitimate or semi-legitimate products come up very high on the rankings, including in the top position.

So the question arises: Did the legitimate companies intend this result?

I have reason to believe that they often did not. In your example, StopZilla might have placed a bid with Overture, Kanoodle, FindWhat, or some other PPC search engine for the term spyware, and might have outbid all other competitors so as to reach the #1 position. In the course of submitting this bid, StopZilla was surely never told that the resulting PPC listings would be shown by traffic hijackers, and showing results via traffic hijackers is probably a breach of the PPC search site's rules.

That's not to say StopZilla might not ultimately figure out what's going on -- if I were spending big money on a PPC campaign, I'd definitely want to know where my results were coming from. And that's not to defend companies (both advertisers and PPC search engines, in this example) who choose to remain ignorant, rather than learn where there money is going.

But your first paragraph "supposed anti-adware utilities ... paying adware companies to advertise" is probably true only in the most indirect sense (anti-adware companies paying PPC indexes which then get traffic from adware companies). In general, I don't think we've seen reason to believe that the legitimate companies have actual knowledge of what's going on.
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

Re: Adware Vendors Running for Cover...

Hi All:

Just to expand a bit on Ben's helpful explanation, we are seeing dodgy anti-spyware applications that are actually being installed as part of a larger collection of adware/spyware programs delivered to users' desktops via drive-by-downloads. The three big ones that are known to be installed via this kind of mass drive-by installation process are SpySpotter, Spyblocs/eBlocs, and Spyware Stormer. In fact, Spyblocs/eBlocs showed up in the adware/spyware collections that I used in two of my tests back in October (see »spywarewarrior.com/asw-t ··· uide.htm ). Moreover, you can search any of the larger anti-spyware forums and find numerous complaints from unwitting victims of these three anti-spyware apps.

Now, I do not have knowledge of the precise arrangments and relationships among the various companies involved in these inexcusable installation processes, but I find them much more troubling than the search site listings discussed above. There is no excuse whatsoever for an anti-spyware application to be downloaded and installed via the same installation methods as the software it's supposed to be detecting and removing.

Best,

Eric L. Howes
bobince
join:2002-04-19
DE

bobince to eburger68

Member

to eburger68
I have been in contact with STOPzilla recently. They claim this promotion is undesired, and it's my personal belief that they're sincere. This is always the danger with an open affiliate scheme, especially when the ad networks are involved.

More policing is required both from the promoted companies and the networks - although given that we know *they're* unlikely to do anything about it, companies like STOPzilla need much tighter control over their promotional activities.

To add to Eric's list, the most common offender is probably VirtualBouncer (and its sister application AdDestroyer), installed en masse by other parasites including IE security exploits.
eburger68
Premium Member
join:2001-04-28

eburger68

Premium Member

Hi All:

Karl Bode now has an excellent article on the subject as well:

»Buying Legitimacy

Definitely worth your time to read what Karl has to say.

Best,

Eric L. Howes

NetWatchMan
Premium Member
join:2001-03-13
Alpharetta, GA

1 recommendation

NetWatchMan to bedelman0

Premium Member

to bedelman0

Re: Are anti-spyware pgms paying spyware pgms for ads?

said by bedelman0:

In general, I don't think we've seen reason to believe that the legitimate companies have actual knowledge of what's going on.
Thanks for the education on how PPC works...however, any legitmate anti-spyware company better damn well know who is and how their products are being marketed. What I'm seeing is akin to an anti-spam product marketing itself via spam.

I could probably put 5-10 anti-spyware products out of business by posting an expose of the inter-relationships between their products and a single piece of adware I've analyzed. Fortunately for them I'm not able to do that at this time for reasons I can't go into.
NetWatchMan

NetWatchMan to bobince

Premium Member

to bobince

Re: Adware Vendors Running for Cover...

said by bobince:

I have been in contact with STOPzilla recently. They claim this promotion is undesired, and it's my personal belief that they're sincere. This is always the danger with an open affiliate scheme, especially when the ad networks are involved.

More policing is required both from the promoted companies and the networks - although given that we know *they're* unlikely to do anything about it, companies like STOPzilla need much tighter control over their promotional activities.

To add to Eric's list, the most common offender is probably VirtualBouncer (and its sister application AdDestroyer), installed en masse by other parasites including IE security exploits.
Here's the link that the adware calls after installation:

»vv6.s13.topx.cc/search.p ··· =spyware
Note: The affliate is different than I post above

Please have the person at StopZilla contact me...would like to hear their explaination.

Since your mention it VirtualBouncer was bundled as part of the adware download via the IE exploit...

I believe the malware I'm dealing with is CoolWebSearch...so it's great for StopZilla to promoted by probably the most notorious Adware out there....nice.
eburger68
Premium Member
join:2001-04-28

4 edits

1 recommendation

eburger68

Premium Member

NetWatchman:

When I was putting together the first version of the Rogue/Suspect Anti-Spyware page this past summer, I started collecting sleazy search results pages, many of them very similar to the topx.cc page you found. As with that topx.cc page, most of the ones I found were CWS-related, and the majority of the products listed on those pages were rather dodgy. Indeed, most of them made the Rogue/Suspect Anti-Spyware page even before I saw them listed on those search results pages.

After a while, though, I began to question just whether the vendors had direct knowledge that their products were being advertised via these kinds of search listings. Before long I had seen just about every anti-spyware product out there listed on one or another of these PPC search listings.

The topx.cc page you link to is a good example of this phenomenon. In addition to the usual suspects (Spyblocs/eBlocs, SpywareBegone, et al) there are otherwise perfectly legitimate products listed (PC Tools Spyware Doctor, McAfee AntiSpyware, StopZilla). I've seen Spy Sweeper, Ad-aware, and other reputable products appear in these kinds of listings as well. That's when I decided that these vendors simply couldn't have any idea where their products were being advertised. If they did, I have to think they'd be horrified (most of them, anyway; some just wouldn't care).

Now, all of this is not to say that these PPC listings aren't a problem -- they are. What we desperately need is a good, hard-hitting expose of how these PPC programs are used to grease the commercial wheels of the underside of the internet and provide financial incentives for destructive entities like CWS to mass install their unwanted wares on millions of victims' PCs. And then we need to push the PPC programs to stop looking the other way when their listings are used by dubious entities like CWS. Finally, we need to publicly pressure anti-spyware vendors and their affiliates to avoid these kinds of programs altogether, esp. if the PPC companies can't be made to vigorously police the use of their listings.

At the end of the day, though, I'm much more worried about the immediate threat posed to net users by programs that are actually installed via drive-by-downloads. If you're a software vendor, there's simply no excuse for not being completely aware of how the installers you built are being used, who is using them, and what circumstances they're being used in. Indeed, the fact that you built such an online installer that can be easily bundled and re-used imposes a special responsibility on you to ensure that it is not abused. And the means to police its use is well within your means, since you control the server from which the installation files are grabbed by the installer.

Apologies for the long-ish post. This is a relatively murky part of the spyware/adware scene that I myself am still trying to fully understand.

Best,

Eric L. Howes
bobince
join:2002-04-19
DE

bobince to eburger68

Member

to eburger68
NetWatchMan: yep, that's the SuperSpider (CWS-related) hijack. I have already forwarded logs related to this affiliate and a few others to STOPzilla. I have also notified them of this thread, should they wish to pop in and defend themselves.

markwp2001
Spreadhead
Premium Member
join:2002-05-25
Long Beach, MS

1 recommendation

markwp2001 to eburger68

Premium Member

to eburger68
Geez, this is interesting to read about the dark underbelly of the beast. I'm thinking there will be a blockbuster movie released next summer, "Spy on THIS, Sucka". Tom Hanks playing eburger, perhaps?
ttt2525
join:2004-12-10
Beverly Hills, CA

ttt2525 to muf9

Member

to muf9
This is a flaw of the software creator, not a flaw with free software. AFAIK Aluria is a for-pay software.

Believe it or not, but the Mozilla foundation has also been approached by spyware companies.

NetWatchMan
Premium Member
join:2001-03-13
Alpharetta, GA

NetWatchMan

Premium Member

said by NetWatchMan:

»vv6.s13.topx.cc/search.p ··· =spyware
Note: The affliate is different than I post above

Please have the person at StopZilla contact me...would like to hear their explaination.
As a follow up, it's been weeks and still no contact from StopZilla...make your own conclusions.
bobince
join:2002-04-19
DE

bobince to eburger68

Member

to eburger68
> As a follow up, it's been weeks and still no contact from StopZilla...make your own conclusions.

I didn't pass on your contact in particular, but did point out this thread.

I have not heard from STOPzilla in the meantime either, unfortunately, so indeed it is not looking great.

Shame, he seemed like such a nice chap and all...