Forgot your password?
typodupeerror

A Day in the Life of a Spyware Company 215

Posted by ScuttleMonkey
from the get-rich-quick-schemes dept.
prostoalex writes "Business Week has a detailed expose of Direct Revenue. The article has some juicy details on the everyday workings of a spyware outlet, talks about the the business model and advertisers who funnel cash to Direct Revenue, and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."
This discussion has been archived. No new comments can be posted.

A Day in the Life of a Spyware Company

Comments Filter:
  • by bunions (970377) on Sunday July 09, 2006 @01:31AM (#15686028)
    http://it.slashdot.org/article.pl?sid=06/07/07/155 1237 [slashdot.org]

    It's the same article in a different place.

    Additionally, it's in a different place, but it's the same article.
  • by Pantero Blanco (792776) on Sunday July 09, 2006 @01:32AM (#15686030)
    "and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."

    The crack dealer on one side of the street achieved a victory against crime today when he killed the competing dealer on the other side.

    I very much doubt that their reasons for blasting away competing apps were for the benefit of the user. Most likely, they don't want the user's computer to slow down enough for them to notice and do a spyware sweep.
    • by Anonymous Coward on Sunday July 09, 2006 @01:41AM (#15686041)
      No, they did it so that users are more likely to click their popups rather than someone else's.
    • by QuantumFTL (197300) * <justin.wickNO@SPAMgmail.com> on Sunday July 09, 2006 @03:10AM (#15686175)
      I think the word achievement is very apropos in this context (as, like many other english words, it has multiple possible meanings/connotations) - they developed a considerable amount of technology, both to disable other spyware, and to prevent their spyware from being likewise removed. This is a signficant achievement, one which was in no small part a reason for their success. It can be recognized as such when readers isolate their analytical mind from their moral repugnance.

      Also do remember that they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.
      • Sleep Well? (Score:3, Insightful)

        by twitter (104583)

        they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.

        You are way too kind to this scum. Their rationalization was that there was money to be made but not for long and that only those who struck hardest would make it. The dirt bag interviewed admitted this by quoting Douglas, "Find out just what any people will quietly submit t

    • for blasting away competing apps were for the benefit of the user. Most likely

      Uhmm, maybe that's why nobody said that they did it for benefiting the users ? Killing competition and generating revenue was their goal, I don't think anybody ever doubted that.

  • by atarione (601740) on Sunday July 09, 2006 @01:33AM (#15686031)
    by spamming this story multiple times
  • by arivanov (12034) on Sunday July 09, 2006 @01:35AM (#15686032) Homepage
    Latitude, longitude, altitude.
  • Hmm. (Score:5, Funny)

    by AndreiK (908718) <AKrotkov@gmail.com> on Sunday July 09, 2006 @01:47AM (#15686051)
    So if you run their program and their competitor's program at the same time, they will kill each other off? Who needs virus scanners now?
    • Re:Hmm. (Score:2, Funny)

      by LazyDino (982072)
      Linux users! They can't benefit from this antagonism ;)
      • by bmo (77928)
        "Linux users! They can't benefit from this antagonism ;)"

        Hey, I didn't even know that DirectRevenue even existed except for this dupe (I missed the original).

        I am torn. Vista is supposedly going to have better security (heh) than XP (chuckle) and I'm sort of rooting for it to be successful in that regard if simply to put the malware and spyware hosers out of "bidness." But then we're talking "Microsoft" and "security" in the same sentence, like some other poster mentioned "Ethics Department of Sudan." Mi
    • Re:Hmm. (Score:5, Funny)

      by bblboy54 (926265) on Sunday July 09, 2006 @02:04AM (#15686074) Homepage
      So if you run their program and their competitor's program at the same time, they will kill each other off? Who needs virus scanners now?

      Actually, who needs this? Windows has this feature built right in.
  • Well then (Score:4, Interesting)

    by Dread Pirate Shanks (860203) on Sunday July 09, 2006 @02:36AM (#15686130)
    What do the items on this list have in common?

    - Cingular Wireless
    - Vonage
    - Kazaa
    - JP Morgan Chase
    - Delta
    - Travelocity
    - Priceline.com

    All companies that will no longer have my business, ever. (not that Kazaa would anyways)

    I just wish I had the complete list
  • by teratogenicbenzene (887723) on Sunday July 09, 2006 @02:44AM (#15686142) Homepage
    Douglas Kee, then Direct Revenue's chief of quality assurance (QA)...

    Isn't having a quality assurance branch for a spyware company kind of an oxymoron?
    That's like having an "ethics department of sudan" or "NSA oversight committee".

    Sigh...
    • That's like having an "ethics department of sudan" or "NSA oversight committee".

      Actually considering how insecure the US has proven to be, I'd say the NSA Oversight Committee must be working overtime!

      *ducks*
    • sn't having a quality assurance branch for a spyware company kind of an oxymoron? That's like having an "ethics department of sudan" or "NSA oversight committee".

      No, it's not. Quality of a code/sw has nothing to do with the ethical questions the use or the goals of the sw raises.

  • by Anonymous Coward on Sunday July 09, 2006 @04:10AM (#15686241)
    For persons concerned about spyware it should be pointed out that the important thing is not the spyware company,

    It is the companies which employ them.

    The article glosses over that with only slight mention. . .

    As a victim of the Aurora trojan on a Windoze box I became intimately aware of Direct Revenue and the damage they have caused to many people. Until this article, however, I always assumed they were supported by pr0n sites and spammers.

    Instead it turns out Vonage is their main customer!

    It's bad enough that Vonage plasters their annoying ads all over the net, and plays their annoying jingle on every channel of TV. Obviously, though, that is not sufficient. They must also use spyware to hook customers and violate more US and International laws.

    Vonage has a history of this type of illegal behavior (in chronological order):

    1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.

    2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.

    3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).

    4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".

    5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.

    6. The whole Vonage IPO stock fiasco: not surprising if you noticed item #1.

    If Vonage doesn't qualify for U.S. Federal Prosecution on at least ONE of these items something is clearly wrong with our legal system that supposedly was fixed after Enron/Worldcom.

    • And yet, I'm only paying $25/mo for phone servive, instead of $50+ that I used to pay to the ILEC, using the broadband connection that I had already. I have heard about Vonage's troubles, their IPO problem, the fact that they're still burning cash. Fine. I'll get cheaper phone service while they do so.
    • by grylnsmn (460178) on Sunday July 09, 2006 @10:43AM (#15687014)
      Let's look at each of your points.
      1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.
      If he was charged before, then he was either found not guilty (in which case from the law's standpoint he didn't do anything wrong and it can't be held against him) or he was found guilty and paid the penalty for his actions (in which case, unless the penalty included abandoning the business field, he is also in the clear).

      2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.
      They sold you a device designed to work with their service. What law requires them to provide support to you in using that device outside of hte parameters for which it was designed and sold? You are free to modify your device all you want, but they are not responsible for helping you or fixing it if you make it unusable.

      3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).
      It was sold for the purpose of connecting to the Vongage service, and no representation was made that it can be connected to other services (at least, I can't find any in the materials I got with my adapter). If anything, they are up front about it. You are still free to modify it if you want, but they are not required to help you, nor are they required to make it easy for you. If you want an unlocked adapter, you need to search out and buy an unlocked adapter.

      4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".
      This one may have some merit, but in order to really prosecute it, you would need to establish that it is company policy, not simply the actions of individual customer service reps.

      5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.
      Just because a site uses the official name and logo doesn't mean that it is operated by those people, especially if they have a notice saying that they aren't. Advertising also does not equal ownership. Vonage puts ads on a lot of sites that they don't own, operate, or control.

      6. The whole Vonage IPO stock fiasco: not surprising if you noticed item #1.
      I read the prospectus, and it was rather clear from the information provided that it would not do all that well. That is the fault of the people who either bought the stock without reading the prospectus, or who bought it in spite of all of the warnings. Those who made legal commitments to purchase stock but then wanted to back out after seeing the drop in price still have that legal obligation to purchase the stock.

      Of the items you listed, you have at most one valid point. Perhaps you might reconsider a lot of your position.
  • An article about internet advertising that makes me click through 5 pages for just one article. Its a shame I didn't click past the first page.
  • by AriaStar (964558) on Sunday July 09, 2006 @05:29AM (#15686343) Journal
    It amounts to stalking, spying, possibly breaking and entering, and stealing, and the porn pop-ups break federal laws.

    When you go to many websites, such as Amazon or Adam & Eve, you can expect as much privacy as in a local mall. But if someone were to follow you around from store to store, at that point it would be stalking.

    Now when that "someone" (spyware company) breaks into your property (your computer) to install something without your consent (spyware programs), it's beyond just your typical stalking and into spying. Add to the charge that this "person" didn't have permission to enter your property in any way and you can add breaking and entering to this.

    To run this program that you didn't consent to having uses power you are paying for. If it causes your system to crash, if you are someone who can't fix it, you've got to pay someone to repair it for you. Money out of your pocket. Theft. At the least of your own time to fix it.

    When you go to a porn site, you usually have to click something saying you are at least 18 or of legal age to view sexually explicit material, and that you consent to doing so. If you were to sit a minor in front of the computer, or were to allow a minor to be nearby while viewing said material, you've commited an offense for which you could be required to register as a sex offender. But yet porn pop-ups happen on sites that aren't sexual in nature, sites that kids sometimes visit. The spyware company is giving no notice whatsoever that sexual material is about to pop up, no chance to consent or for children to be removed from the room first. Would this not be a violation of federal laws by the spyware companies by exposing minors to sexual material?

    So I repeat, why is spyware not illegal?
    • It's one of those things that's hard to define. You know it when you see it, but providing a hard and fast definition, which is what you need for a law, is very difficult. Every one I can think up either is too lax, and so it would not be useful because spyware companies would just find ways to modify their software to be legal, or is too strict, and bans useful software. For example you might be inclined to define it as software that downloads things to your computer in the background without you specificl
      • Simple law:

        Before anything can install on your system, the company must obtain expressed consent. If software is bundled with something else, permission must be obtained. Software defined as a program which can run independently of the software/download/whatever with which is it bundled. (Such as if I download a program that needs Quicktime to run, I am asked if I want to download it as it is seperate.)

        Or make it like an ingredients list for food. The contents are clearly labeled.
    • Ironic that your linked image in your sig is worksafe, but the photoalbum that it's linked to isn't and also has no warning...

      Just a thought!
    • So I repeat, why is spyware not illegal?

      Dunno, seems like the government would make it illegal so that they would no longer have any competition.

      Good question.

      Actually, since the government usually sucks at their spying on citizens and keeping their own data secure, maybe they need these guys around for help?

      • You know, the government probably does get this information. With what the bastards are already demanding ISPs to have over, I wouldn't doubt that they are indeed paying spyware companies for this information.
    • >>So I repeat, why is spyware not illegal?

      Because you agreed to it in the license!
    • You have some mistaken premises above.

      Here's the short of it: nothing can run on your computer without your demand, much less consent. Nothing. Without your command to perform operations your computer would just be a giant paperweight.

      How did the spyware get on your computer? How did it execute? Somewhere along the line you had to issue commands telling the computer to execute that code. It may even be three stages removed: you told the computer to do something and the computer executed the code in the proc
  • by subxero37 (985222) <subxero@phatcode. n e t> on Sunday July 09, 2006 @08:50AM (#15686706) Homepage
    I was browsing 4chan the other day, in their Random section, looking for interesting (ha) pictures to add to my new website that's been in the works for way too long, and bam -- I get tons of popups, a bunch of icons appear on my desktop, and I've got three freakin' toolbars (unhideable toolbars, mind you) in all of my Explorer windows. What's more -- I was using Firefox. I have IE's settings set to the highest possible security, so that even in the worst case that IE lauched for any reason, I won't get screwed. But wow, I certainly did not expect Firefox to be vulnerable to spyware. (I have since reformatted -- I tried everything to get rid of the toolbars and extra crap. I eventually got rid of most of it, but the thing made it so I couldn't right-click anything except for icons in Explorer. Arrrr. Why didn't I view 4chan on my Slackware box? -- More digression: the spyware managed to install some crappy program, which was actually listed in Add/Remove Programs, but the program was using over 10 MB. How can spyware install so quickly if it's so large?)

    I see a lot of computers with spyware. Most, if not all, of the computers that I fix have been completely demolished by malware, spyware, adware, and just general crap. A lot of times, it's from user ignorance (the kind of people that don't even skim EULAs). However, many times, it's from them visiting a website that looks just fine, and the website using some kind of hole in IE to screw over the viewer.

    So I must ask, how is exploiting security holes a legal business method? It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily. Since many times it is known (through thorough searches and whatnot) who created the spyware with which one's machine is infected, I find it hard to believe that no serious legal action has been taken up with these companies.

    I am truly displeased to see even Firefox becoming a serious target for these jackasses. If Opera felt better (I have this thing about the "feel" of some programs that I can't explain) I might think about almost downloading it.
  • I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?
    I mean, If an advertiser or client becomes a liability, wouldn't spyware go away on it's own without having to be illegal?

    I'm sure this angle has been covered before.. but it's early and I'm still on my first cup of caffiene.

    Companies have the right to advertise, but (imho)they don't have the right to install *anything* on your PC. (For that matter, what is acceptable advertisin
    • I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?

      This is a very bad idea. Telecommunications companies enjoy what is called "common carrier status" meaning they are not responsible typically for the nature of the content across their networks. Instead, they are merely "common carriers." Can you imagine AT&T being charged because of a discussion over their long distance service that ended up involving illegal activity? The firs
  • Direct Revenue has struggled to fend off a lawsuit filed in April by New York Attorney General Eliot Spitzer. The state court action alleges that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users' consent. Shining a light on the shadowy spyware trade, the suit asserts that the company violated New York civil laws against false advertising, computer tampering, and trespassing.

    Why aren't these guys in jail? Computer tampering is a federal felony cri
    • "If one of the infected computers ends up being a government machine, under the USA Patriot Act, this could be a capital crime"

      Dude, the PATRIOT act is a virtual blank check for Government/LE abuse.

      Don't toy with our emotions by giving us one GOOD way it could be (but never will be) abused... er.. used.!
  • by v1 (525388) on Sunday July 09, 2006 @11:04AM (#15687072) Homepage Journal
    My favorite page-1 quote from that article would have to be Some advertisers say their messages have appeared in pop-ups without their permission.

    How STUPID do they think we are? As an advertiser, you don't accidentally advertise for someone that's not paying you. When's the last time you saw a commercial on TV that the retailer denied they paid for? The spammers are charginng a lot for their service, and there is no shortage of customers, so I'm quite certain they are only spamming for paying customers.

    More than likely these are cases where someone in marketing got the brilliant idea to advertise with spyware and started it without really letting their uppers know what the fallout was going to be. Then six months later when the CEO's in-box is piled high with complaints they deny they had anything to do with it.
  • by DaveInAustin (549058) on Sunday July 09, 2006 @11:07AM (#15687079) Homepage
    FTFA: by accepting its ads, consumers get popular software applications free of charge that otherwise can cost up to $30 apiece.
    Wow, I can save $30 by making my $500 PC unusable.
  • by istartedi (132515) on Sunday July 09, 2006 @12:26PM (#15687342) Journal

    ...how can I prevent my ads from being served by spyware? How about a clause in my contract with the advertising company that says "Ads served by provider and any subcontractor will not be served by pop-up, and will only be served as the result of a user willfully navigating to a web page which serves ads, and may not be served as the result of any additional software installed on the user's computer. The definition of 'pop-up', 'willfully navigating' and 'installed' remains at the discretion of the customer, and we reserve the right to terminate this contract if the advertising agency is unable to assure us that it meets these criteria."

    For some small business this wouldn't work too well, but if big companies started doing it, and it became standard operating procedure for corporations, it would help a lot. Suddenly, other advertisers will just stop dealing with these guys.

    Nailing down the definitions is a bit tricky, and IIRC there was a case where some company sued over being designated as malware, so this approach isn't a cure-all. Going after the actual technical definition of something is a bit more effort, but it quashes the arguments of companies that might complain they are being singled out prejudicially.

    Also, pornographers and other shady businesses will always do stuff like this, but at least we'll maintain the association of sleaziness with pop-ups and spyware, which is where it belongs.


  • Personal email at one point was getting so bad that I was concidering telling people to send me a fax instead of an email.
    I do have a fax machine so if it would come to that crunch, I have it in preparedness. It has an added bonus that people who send junk faxes can be easily prosecuted.

The reason that every major university maintains a department of mathematics is that it's cheaper than institutionalizing all those people.

Working...