Slashdot Mirror
A Day in the Life of a Spyware Company
prostoalex writes "Business Week has a detailed expose of Direct Revenue. The article has some juicy details on the everyday workings of a spyware outlet, talks about the the business model and advertisers who funnel cash to Direct Revenue, and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."
even the link is the same
http://it.slashdot.org/article.pl?sid=06/07/07/15
now enjoy re-hashing the same arguments over and over
Windows sucks, get a mac/linux yadda yadda yadda
http://it.slashdot.org/article.pl?sid=06/07/07/155 1237
It's the same article in a different place.
Additionally, it's in a different place, but it's the same article.
there is no need to sign your posts. this isn't usenet. your username is right there above your post. stop it.
"and even mentions Direct Revenue's anti-spyware achievements (the company's installer blasted away competing spyware apps, so that the user's computer wouldn't be overwhelmed with redundant pop-ups)."
The crack dealer on one side of the street achieved a victory against crime today when he killed the competing dealer on the other side.
I very much doubt that their reasons for blasting away competing apps were for the benefit of the user. Most likely, they don't want the user's computer to slow down enough for them to notice and do a spyware sweep.
by spamming this story multiple times
actually I am happy to see you, however that is in fact a banana in my pocket.
Latitude, longitude, altitude.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
Clearing other spyware apps away? That's a new one...
find executives
kill them (or pay a crackhead to do it)
rejoice
if execs feared for their lives this kind of thing wouldnt happen
society really would be better off
So if you run their program and their competitor's program at the same time, they will kill each other off? Who needs virus scanners now?
thank you spyware , thanks to you , i am using gentoo now.
Alternative method (more fun: involves more killing)
1) Find all stupid users that install spyware
2a) Kill them
2b) Spyware companies no longer have a source of income and give up
3) Rejoice
You could also replace 2a) with 'Educate them' but that's a lot more difficult, time-consuming and far less fun.
Man, you gotta sing it like this:
"Dupe, dupe, dupe,
Dupe of Earl, dupe, dupe..."
Yes, its OT. I don't care. It's funny.
What do the items on this list have in common?
- Cingular Wireless
- Vonage
- Kazaa
- JP Morgan Chase
- Delta
- Travelocity
- Priceline.com
All companies that will no longer have my business, ever. (not that Kazaa would anyways)
I just wish I had the complete list
Douglas Kee, then Direct Revenue's chief of quality assurance (QA)...
Isn't having a quality assurance branch for a spyware company kind of an oxymoron?
That's like having an "ethics department of sudan" or "NSA oversight committee".
Sigh...
The Secret of Life: Proteins fold up and bind things.
even the link is the same
Yes, here's some physical proof to save you all some time, but note the slight difference (you will see it because its the only bold text).
BusinessWeek: ( JULY 17, 2006)
Consumers have strong opinions about Direct Revenue's software. "If I ever meet anyone from your company, I will kill you," a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. "I will f------ kill you and your families." Such sentiments aren't unusual. "You people are EVIL personified," Kevin Horton wrote around the same time. "I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system."
MSNBC: ( Updated: 5:51 p.m. CT July 7, 2006 )
Consumers have strong opinions about Direct Revenue's software. "If I ever meet anyone from your company, I will kill you," a person who identified himself as James Chang said in an e-mail to Direct Revenue last summer. "I will f------ kill you and your families." Such sentiments aren't unusual. "You people are EVIL personified," Kevin Horton wrote around the same time. "I would like the four hours of my life back I have wasted trying to get your stupid uninvited software off my now crippled system."
The text is exactly the same, only the date is different. Seems like this cover story that was either launched too early or it was an unintentional error. No big news here.
What are they thinking when they go about ruining peoples computers. I feel bad for all the windows users that complain about their computers getting slower. Its probably this companies fault.
Spy vs. Spy!
Resolving the references in the title and content of this comment is an exercise left to the reader ...
To err is human. To forgive is good system design.
For persons concerned about spyware it should be pointed out that the important thing is not the spyware company,
It is the companies which employ them.
The article glosses over that with only slight mention. . .
As a victim of the Aurora trojan on a Windoze box I became intimately aware of Direct Revenue and the damage they have caused to many people. Until this article, however, I always assumed they were supported by pr0n sites and spammers.
Instead it turns out Vonage is their main customer!
It's bad enough that Vonage plasters their annoying ads all over the net, and plays their annoying jingle on every channel of TV. Obviously, though, that is not sufficient. They must also use spyware to hook customers and violate more US and International laws.
Vonage has a history of this type of illegal behavior (in chronological order):
1. Its Chairman, Jeffrey Citron, was charged by the SEC with Securities violations due to illegal trades, while he was Chairman of Datek Securities, before starting Vonage.
2. Vonage has consistently engaged in anticompetitvive behaviour against its competitors by blocking SIP calls, and locking down their devices to prevent customers from using the devices with competitors.
3. Vonage has consistently engaged in deceptive advertising when selling their equipment and services by not disclosing that the equipment is not really owned by the consumer (it can't be unlocked to work with other providers).
4. Vonage has consistently engaged in deceptive marketing by convincing customers to LNP port their existing phone number to Vonage when the LNP port could not be done. Even though Vonage could not port the number due to lack of a CLEC in their area code, Vonage reps would tell the customer it could be done "soon".
5. Vonage deceptively operates a web site at Vonage-Forum.com. Only recently has a notice gone up that the site is not operated by Vonage. The site, however, uses the trademarked Vonage name and logo, and has Vonage ads on it.
6. The whole Vonage IPO stock fiasco: not surprising if you noticed item #1.
If Vonage doesn't qualify for U.S. Federal Prosecution on at least ONE of these items something is clearly wrong with our legal system that supposedly was fixed after Enron/Worldcom.
Fast forward 15 years. Now, seeing the size of this market (TFA says 20 million machines are infected), of course the advertisers (through their overlords, the marketeers) reacted. They tried being nice guys over the years; but even trained monkeys had learned what happens when you pressed that browser button that said "HERE!! FREE SOFTWARE!!". So they got a little more devious, as advertisers are prone to do. When something for nothing doesn't work, there are more subtle ways to grow your market share.
Since Windoze is -- in and of itself -- so lame that it will allow its heavily touted, unique controls (DirectX, for example) to do so many things for all those unsuspecting sops without their having to know anything about what's going on or what they're doing; wouldn't it be natural that people intent on controlling what you see (advertisers) exploit weaknesses in those controls for purposes that even the morons at Microsoft never saw coming?
Just look at how bad MS' TCP/IP implementations have been over the years; holes you can drive a truck through. Even the IP stack in XP still sucks. Microsoft's OS development operations are a textbook case of how not to design, develop, and test operating systems.
The true irony is that the Winidiots are finally imploding. These were the guys who -- back in the day -- ran Wingate (thinking it was a powerful, admin-free firewall), binding all its services to 0.0.0.0, giving spammers and skript kiddiez alike free phony IP addresses and bandwidth behind which they could cause all sorts of mischief. Today, these same losers are threatening to kill people who infect their computers. It's sweet justice, says I: your choice of the same poorly designed, top-secret, commodity OS that the rest of the ignorant mass uses now threatens to turn you into a bonafide criminal (issuing death threats is still against the law).
If you run Windoze, you've done this to yourself. Windows: the OS for idiots invented by idiots. Is it any surprise this should be the most hacked OS on the face of the earth? Nobody except Microsoft knows how it really works, and the devious geniuses out there have figured out how to exploit the mile-wide loopholes MS has left for them to use. If you're a windoze user, there is no longer any way for you to remain free from malware/spyware/virii by modifying your behaviors. And I suppose there are people out there who didn't see this coming. MS sure didn't.
Now, quick: hang the real criminals (the marketeers, advertisers, and Dark Artists) before they learn how to infect the rest of the OSes out there for fun and profit. Hurry: make an example of these scum before anybody else invents any more 'brilliant' advertising paradigms (at least they could patent this shit and sue each other to death, ya know?). At least the Windoze experience won't have been in vain.
Founding member: He-Man Windoze Hater Club
An article about internet advertising that makes me click through 5 pages for just one article. Its a shame I didn't click past the first page.
Is it just me or is something broken around here? This story has been up for hours, and still only 2 comments, none of which are above the default viewing threshold? huh?
I have seen first hand that Norton and McAfee don't work on this. Simply run Ad-aware and ewido, both free, and both get the job done. But people seem to spend millions each year on crappy programs that perpetuate spy-ware and viruses. Stupid humans. I wonder if one can sue a company such as Revenue Direct for, well, I don't know, messing up someones computer? If only sleep could be caught.
It amounts to stalking, spying, possibly breaking and entering, and stealing, and the porn pop-ups break federal laws.
When you go to many websites, such as Amazon or Adam & Eve, you can expect as much privacy as in a local mall. But if someone were to follow you around from store to store, at that point it would be stalking.
Now when that "someone" (spyware company) breaks into your property (your computer) to install something without your consent (spyware programs), it's beyond just your typical stalking and into spying. Add to the charge that this "person" didn't have permission to enter your property in any way and you can add breaking and entering to this.
To run this program that you didn't consent to having uses power you are paying for. If it causes your system to crash, if you are someone who can't fix it, you've got to pay someone to repair it for you. Money out of your pocket. Theft. At the least of your own time to fix it.
When you go to a porn site, you usually have to click something saying you are at least 18 or of legal age to view sexually explicit material, and that you consent to doing so. If you were to sit a minor in front of the computer, or were to allow a minor to be nearby while viewing said material, you've commited an offense for which you could be required to register as a sex offender. But yet porn pop-ups happen on sites that aren't sexual in nature, sites that kids sometimes visit. The spyware company is giving no notice whatsoever that sexual material is about to pop up, no chance to consent or for children to be removed from the room first. Would this not be a violation of federal laws by the spyware companies by exposing minors to sexual material?
So I repeat, why is spyware not illegal?
It's a girl!
As long as they don't have Linux support, I'm not interested!
It's one of those things that's hard to define. You know it when you see it, but providing a hard and fast definition, which is what you need for a law, is very difficult. Every one I can think up either is too lax, and so it would not be useful because spyware companies would just find ways to modify their software to be legal, or is too strict, and bans useful software. For example you might be inclined to define it as software that downloads things to your computer in the background without you specificly initating it. Sounds good, until you realise this bans things like Firefox's auto updater. Ok so you add a provision saying "but it's ok if it informs you." So now the spyware comes with a big legalese contract that "informs" you (much of it already does).
Unfortunately, I don't think that over all we can have a law that makes spyware illegal, but doesn't ban useful software.
If it ain't got source and a GNU or open source approved license it doesn't get installed, no matter how great that piece of software looks.
"My opinions are my own, and I've got *lots* of them!"
I was browsing 4chan the other day, in their Random section, looking for interesting (ha) pictures to add to my new website that's been in the works for way too long, and bam -- I get tons of popups, a bunch of icons appear on my desktop, and I've got three freakin' toolbars (unhideable toolbars, mind you) in all of my Explorer windows. What's more -- I was using Firefox. I have IE's settings set to the highest possible security, so that even in the worst case that IE lauched for any reason, I won't get screwed. But wow, I certainly did not expect Firefox to be vulnerable to spyware. (I have since reformatted -- I tried everything to get rid of the toolbars and extra crap. I eventually got rid of most of it, but the thing made it so I couldn't right-click anything except for icons in Explorer. Arrrr. Why didn't I view 4chan on my Slackware box? -- More digression: the spyware managed to install some crappy program, which was actually listed in Add/Remove Programs, but the program was using over 10 MB. How can spyware install so quickly if it's so large?)
I see a lot of computers with spyware. Most, if not all, of the computers that I fix have been completely demolished by malware, spyware, adware, and just general crap. A lot of times, it's from user ignorance (the kind of people that don't even skim EULAs). However, many times, it's from them visiting a website that looks just fine, and the website using some kind of hole in IE to screw over the viewer.
So I must ask, how is exploiting security holes a legal business method? It's obvious that most spyware-creating companies use this tactic, since it's obvious that no one in their right minds would accept spyware voluntarily. Since many times it is known (through thorough searches and whatnot) who created the spyware with which one's machine is infected, I find it hard to believe that no serious legal action has been taken up with these companies.
I am truly displeased to see even Firefox becoming a serious target for these jackasses. If Opera felt better (I have this thing about the "feel" of some programs that I can't explain) I might think about almost downloading it.
...Steven Jobs, he comes to me.
Speaking words of wisdow, 'A-P-P-L-E!'"
OS X...because making UNIX friendly was easier than fixing Windows.
Guaranteed! This comment 100% Anthrax free!
I've been thinking about this alot lately, and why *not* make Site Operator's or ISP's liable for the client's activities?
I mean, If an advertiser or client becomes a liability, wouldn't spyware go away on it's own without having to be illegal?
I'm sure this angle has been covered before.. but it's early and I'm still on my first cup of caffiene.
Companies have the right to advertise, but (imho)they don't have the right to install *anything* on your PC. (For that matter, what is acceptable advertising on the net?)
Direct Revenue has struggled to fend off a lawsuit filed in April by New York Attorney General Eliot Spitzer. The state court action alleges that Direct Revenue crossed a legal line by installing advertising programs in millions of computers without users' consent. Shining a light on the shadowy spyware trade, the suit asserts that the company violated New York civil laws against false advertising, computer tampering, and trespassing.
Why aren't these guys in jail? Computer tampering is a federal felony criminal offense. If one of the infected computers ends up being a government machine, under the USA Patriot Act, this could be a capital crime. Why is the NY AG dicking around with some boneheaded civil lawsuit? They should march into the offices with federal marshalls and put these guys in chains.
My favorite page-1 quote from that article would have to be Some advertisers say their messages have appeared in pop-ups without their permission.
How STUPID do they think we are? As an advertiser, you don't accidentally advertise for someone that's not paying you. When's the last time you saw a commercial on TV that the retailer denied they paid for? The spammers are charginng a lot for their service, and there is no shortage of customers, so I'm quite certain they are only spamming for paying customers.
More than likely these are cases where someone in marketing got the brilliant idea to advertise with spyware and started it without really letting their uppers know what the fallout was going to be. Then six months later when the CEO's in-box is piled high with complaints they deny they had anything to do with it.
I work for the Department of Redundancy Department.
FTFA: by accepting its ads, consumers get popular software applications free of charge that otherwise can cost up to $30 apiece.
Wow, I can save $30 by making my $500 PC unusable.
--- http://davidnehme.blogspot.com
...how can I prevent my ads from being served by spyware? How about a clause in my contract with the advertising company that says "Ads served by provider and any subcontractor will not be served by pop-up, and will only be served as the result of a user willfully navigating to a web page which serves ads, and may not be served as the result of any additional software installed on the user's computer. The definition of 'pop-up', 'willfully navigating' and 'installed' remains at the discretion of the customer, and we reserve the right to terminate this contract if the advertising agency is unable to assure us that it meets these criteria."
For some small business this wouldn't work too well, but if big companies started doing it, and it became standard operating procedure for corporations, it would help a lot. Suddenly, other advertisers will just stop dealing with these guys.
Nailing down the definitions is a bit tricky, and IIRC there was a case where some company sued over being designated as malware, so this approach isn't a cure-all. Going after the actual technical definition of something is a bit more effort, but it quashes the arguments of companies that might complain they are being singled out prejudicially.
Also, pornographers and other shady businesses will always do stuff like this, but at least we'll maintain the association of sleaziness with pop-ups and spyware, which is where it belongs.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
they're pulling in enough money that the execs will just get replaced.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The only problem with this is--the companies don't care how their ads are served. They don't care if spyware or adware is installed--it gets their ads there, in the consumer's face, and they don't have to pay much. Cheap ads, and none of the parties involved (except the consumer, whose opinion doesn't matter (yet)) care how the ads are shown, as long as they bring business and they don't have to pay much.
I feel bad for all the windows users that complain about their computers getting slower. Its probably this companies fault.
Nono, didn't you see that part about removing competitors adware? This is the GOOD spyware company.
Spyware is like someone opening your unlocked back door and dumping a piss-stained couch in your front room. You have to call over one of your buddies to help you lift the couch, but the smell just doesn't go away. Worse, sometimes their stoner friend Jeff crashes on the couch and starts eating all your food without permission.
Personal email at one point was getting so bad that I was concidering telling people to send me a fax instead of an email.
I do have a fax machine so if it would come to that crunch, I have it in preparedness. It has an added bonus that people who send junk faxes can be easily prosecuted.
No sig. Move along - nothing to see here.
The economy has been damaged.
Now sure, even the Great Depression was reversable in some sense, but it really wasn't. History was changed. A whole alternate set of people were born, different people got married, different people died...
People would still learn to spook somehow, just like they do with IP addresses. And anyway, think of the poor trees!
I mean, come on... I had never heard of 4chan, but after just bringing it up then in my browser and just looking at the links on the front page (girls sucking horses, Japanese Lesbians etc.) then I'd say you've pretty much only got yourself to blame.
Sorry, but true.
Yes, spyware is damn evil, and if they would just go away, the web might be a nicer place. BUT you browsing a porn site (and not a reputable one either... such as Playboy or the like) are just asking for trouble.
And as you were saying you were looking for images for your site, insomuch as 'taking without permission', I have no sympathy.
You play in filthy places you're going to get dirty.
* With your ridiculous 'windoze' spelling.
* With your incomplete understanding of the operating system you're bashing 'DirectX vs ActiveX'
* With your lack of any kind of empathy for people who may wish to, oh, I dunno, play games on their PC as well as just surf the web and read emails.
* I just DON'T get viruses, malware, spyware or ANYTHING like that. Yes I do have a virus checker running, but it's a free one (AVG) and I don't even notice it doing it's job... and it hasn't found anything for years now, so it's hardly required. So your ridiculous "I'm not prepared to spend time on all that stuff I don't want to", while at the same time you DO have to spend time working out how to install programs etc. in the Linux world... I'm quite happy with double clicking on 'setup' thanks.
"By definition, the malware writers are one step ahead of your scanner."
Or... I don't get ANY popups, slowdowns, unwelcome websites or ANYTHING.
So, really by definition... you're talking out of your butt.
The thing that sucks is Revenue Direct could sue McAfee or other antivirus companies. Think back to the Sony rootkit - where f-secure were negotiating with Sony after they had already produced a fix but would have run the risk of being sued out of business by Sony if they released it without clearing it with Sony. These spyware companies are not big but could still cost an antivirus company a fortune in legal fees. Spybot and others survive by not being commercial products - once a lot of people start making their living out of something they become scared of what others can do to shut the whole place down. We've allready seen spammers take legal action against those who report them in Australia, so imagine what could be done with some of the weird US laws over spyware - paticularly the IP angle and investigating the spyware in order the block it. It's not beyond the realms of possibility that someone could go to jail for reverse engineering spyware under the DMCA or similar bit of stupidity.
they are in the business of making money, not of causing problems for the user (that, to them, is merely an unfortunate side effect) - likely some people at that job slept easier knowing at least their software did one useful thing.
You are way too kind to this scum. Their rationalization was that there was money to be made but not for long and that only those who struck hardest would make it. The dirt bag interviewed admitted this by quoting Douglas, "Find out just what any people will quietly submit to and you have found out the exact measure of injustice and wrong which will be imposed upon them." The business model only worked as long as there were only a few dirt bags trying to impose the maximum tolerable burden. They knew that everyone who could care less would jump into it and soon the burden would be intolerable to anyone.
The only thing that made them feel better was the money they were making as they burnt down your computer. Hopefully, most of that money will be taken away.
The same thoughts can be applied to WGA.
Friends don't help friends install M$ junk.
These spyware programs must talk to their host, so why hasn't someone reverse engineered the protocol, and written a program to flood them with crap. Make it look like someone clicked on their ad's a million times. Report back as a billion infected machines. If their statistics always come up as crap, their "customers" might get pissed off enough to quit paying them. It might also help to mask information being stolen from real people.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
Cripple IE (what I did)
:P
:P So now rouge IPs have to have your IP address and some security hole in Windows to get in...
Turn off ActiveX, paste operations via script, IFRAME support
Use a 'dumb' browser to browse 'media rich' sites like Slashdot
Good, but 'dumb' browsers
Lynx - Text mode only
Off By One - No javascript/activex support (no driveby downloads!)
I use this to browse Slashdot. Slashdot looks like crap now in IE5 which came with Windows 2000...
This will help keep spyware out of your PC or you can use a Mac like all the Apple snobs say to do...
PS: Turn off the Messenger service so you won't get 'IPspam' that way.
PS: Use a good hosts file to block the adware/spyware IPs such as
http://www.mvps.org/winhelp2002/hosts.htm