A Day in the Life of a Spyware Company

prostoalex writes "Business Week has a detailed expose of Direct Revenue. The article has some juicy details on the everyday workings of a spyware outlet, talks about the the business model and advertisers who funnel cash to Direct Revenue, and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."

"Anti-spyware Achievements"?

[Pantero Blanco]

"and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."

The crack dealer on one side of the street achieved a victory against crime today when he killed the competing dealer on the other side.

I very much doubt that their reasons for blasting away competing apps were for the benefit of the user. Most likely, they don't want the user's computer to slow down enough for them to notice and do a spyware sweep.

Well then

[Dread Pirate Shanks]

What do the items on this list have in common?

- Cingular Wireless
- Vonage
- Kazaa
- JP Morgan Chase
- Delta
- Travelocity
- Priceline.com

All companies that will no longer have my business, ever. (not that Kazaa would anyways)

I just wish I had the complete list

Dupe: First Paragraph of Each

[Anonymous Coward]

even the link is the same

Yes [slashdot.org], here's some physical proof to save you all some time, but note the slight difference (you will see it because its the only bold text).

BusinessWeek [businessweek.com]: ( JULY 17, 2006)
Consumers have strong opinions about Direct Revenue's software. "If I ever meet anyone from your company, I will kill you," a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. "I will f------ kill you and your families." Such sentiments aren't unusual. "You people are EVIL personified," Kevin Horton wrote around the same time. "I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system."

MSNBC [msn.com]: ( Updated: 5:51 p.m. CT July 7, 2006 )
Consumers have strong opinions about Direct Revenue's software. "If I ever meet anyone from your company, I will kill you," a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. "I will f------ kill you and your families." Such sentiments aren't unusual. "You people are EVIL personified," Kevin Horton wrote around the same time. "I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system."

The text is exactly the same, only the date is different. Seems like this cover story that was either launched too early or it was an unintentional error. No big news here.

Re:Oh, What Hath Marketing Wrought?

[Orange Goblin]

Jesus, what a load of crap. I run a stable XP box with a combination of a virus scanner and a hardware firewall, and I have no problem with spyware or viruses (you know, the actual plural of virus), and the only time it goes down is when I (rarely) shut it down. The one time I had a problem with spyware that a good dose of Adaware couldn't fix, I just went back to the last system restore point. I don't need to know how Windows "really" works to be able to use it. It's a tool. Do you know how your car really works? Your dishwasher? Your microwave? Could you build one from scratch? You don't need to, as long as you don't crash your car or put your foot through your microwave. Same goes with Windows - don't download stupid crap, and you'll be fine. "Insightful", indeed...

You know what really grinds my gears?

[subxero37]

I was browsing 4chan the other day, in their Random section, looking for interesting (ha) pictures to add to my new website that's been in the works for way too long, and bam -- I get tons of popups, a bunch of icons appear on my desktop, and I've got three freakin' toolbars (unhideable toolbars, mind you) in all of my Explorer windows. What's more -- I was using Firefox. I have IE's settings set to the highest possible security, so that even in the worst case that IE lauched for any reason, I won't get screwed. But wow, I certainly did not expect Firefox to be vulnerable to spyware. (I have since reformatted -- I tried everything to get rid of the toolbars and extra crap. I eventually got rid of most of it, but the thing made it so I couldn't right-click anything except for icons in Explorer. Arrrr. Why didn't I view 4chan on my Slackware box? -- More digression: the spyware managed to install some crappy program, which was actually listed in Add/Remove Programs, but the program was using over 10 MB. How can spyware install so quickly if it's so large?)

I see a lot of computers with spyware. Most, if not all, of the computers that I fix have been completely demolished by malware, spyware, adware, and just general crap. A lot of times, it's from user ignorance (the kind of people that don't even skim EULAs). However, many times, it's from them visiting a website that looks just fine, and the website using some kind of hole in IE to screw over the viewer.

So I must ask, how is exploiting security holes a legal business method? It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily. Since many times it is known (through thorough searches and whatnot) who created the spyware with which one's machine is infected, I find it hard to believe that no serious legal action has been taken up with these companies.

I am truly displeased to see even Firefox becoming a serious target for these jackasses. If Opera felt better (I have this thing about the "feel" of some programs that I can't explain) I might think about almost downloading it.

Why not go after the site operator or ISP?

[Cygnusx12]

I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?
I mean, If an advertiser or client becomes a liability, wouldn't spyware go away on it's own without having to be illegal?

I'm sure this angle has been covered before.. but it's early and I'm still on my first cup of caffiene.

Companies have the right to advertise, but (imho)they don't have the right to install *anything* on your PC. (For that matter, what is acceptable advertising on the net?)

suuuurre riiiight, whatever.

[v1]

My favorite page-1 quote from that article would have to be Some advertisers say their messages have appeared in pop-ups without their permission.

How STUPID do they think we are? As an advertiser, you don't accidentally advertise for someone that's not paying you. When's the last time you saw a commercial on TV that the retailer denied they paid for? The spammers are charginng a lot for their service, and there is no shortage of customers, so I'm quite certain they are only spamming for paying customers.

More than likely these are cases where someone in marketing got the brilliant idea to advertise with spyware and started it without really letting their uppers know what the fallout was going to be. Then six months later when the CEO's in-box is piled high with complaints they deny they had anything to do with it.

If I'm a Legit Business...

[istartedi]

...how can I prevent my ads from being served by spyware? How about a clause in my contract with the advertising company that says "Ads served by provider and any subcontractor will not be served by pop-up, and will only be served as the result of a user willfully navigating to a web page which serves ads, and may not be served as the result of any additional software installed on the user's computer. The definition of 'pop-up', 'willfully navigating' and 'installed' remains at the discretion of the customer, and we reserve the right to terminate this contract if the advertising agency is unable to assure us that it meets these criteria."

For some small business this wouldn't work too well, but if big companies started doing it, and it became standard operating procedure for corporations, it would help a lot. Suddenly, other advertisers will just stop dealing with these guys.

Nailing down the definitions is a bit tricky, and IIRC there was a case where some company sued over being designated as malware, so this approach isn't a cure-all. Going after the actual technical definition of something is a bit more effort, but it quashes the arguments of companies that might complain they are being singled out prejudicially.

Also, pornographers and other shady businesses will always do stuff like this, but at least we'll maintain the association of sleaziness with pop-ups and spyware, which is where it belongs.

Re:You know what really grinds my gears?

[petermgreen]

So I must ask, how is exploiting security holes a legal business method?
its not

It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily
no afaict its thier redistributers (usually on some form of commission) who do so. Theese redistributors are much harder to trace and when you do they are the bottom of the pile and easilly replaceable anyway.