MSNBC / Businessweek has a fantastic article on spyware. The article goes into great detail, describing where it comes from, how it persists and what it does. They focus on one particular spyware kingpin called Direct Revenue -- a company that apparently gets as many death threats as the president.
The article describes one very fascinating thing, inside your computer there is a minor war going on.
From early on, a small group of programmers at Direct Revenue focused on how to protect their employer's programs once they were lodged in a computer, current and former employees say. The team called itself Dark Arts after the term for evil magic in the Harry Potter series. One of the biggest threats Dark Arts addressed came from competing software. The presence of multiple spyware programs can so cripple a computer that no ads manage to get seen.Having a long love affair with Adaware - a software package that simply removes spyware from your hard drive. I know how many little programs can get in and muck with your system. Adaware has been great for me because it is so simple and it has a free version. (Like many, I am the designated tech support for my extended family - simple products like this are lifesavers).
Dark Arts crafted software "torpedoes" that blasted rival spyware off computers' hard drives. Competitors aimed similar weapons back at Direct Revenue's software, but few could match the wizardry of Dark Arts. One adversary, Avenue Media, filed suit in federal court in Seattle in 2004, alleging that in a matter of days, Direct Revenue torpedoes had cut in half the number of people using one of Avenue Media's programs. The suit settled without money changing hands, according to an attorney for Avenue Media, which is based in CuraƧao. "This is ad warfare," explains former Direct Revenue product manager Reza Khan. "Only the toughest and stickiest codes survive."
The scary thing about the torpedo programs is not that they are blasting away at each other inside my computer without my knowledge - but that their engagement likely ends at the point of disabling the other software. Their goal is to keep the computer healthy enough to keep popping up annoying ads - not to cleanly delete things. It would not be at all surprings to find megabytes of left over remains from previously installed and subsequently torpedoed software on your hard drive.
Another interesting part of the article discussed Direct Revenue's relationship with the Morpheus file sharing package which is used heavily by independent musicians and DJs.
In early 2005 the company was bundling its products with a file-sharing program called Morpheus, which users could download onto their computers. Morpheus required that Direct Revenue make its software easy to spot in a computer's "Add/Remove" panel, which is the registry where a user can find most legitimate software and delete it. Direct Revenue agreed at first but after a few months noticed that thousands of new users it gained via Morpheus were quickly deleting the ad software. Kaufman, a co-founder of Direct Revenue, sent an e-mail to colleagues in February, 2005, saying the company should drop the Mr. Nice Guy routine. "We need to experiment with less user-friendly uninstall methodologies," he wrote. The distribution agreement with Morpheus ended within three months.Morpheus users weren't stupid, in fact most were very savvy. They quickly informed each other that the spyware was there and people removed it. Why did they remove it? Simple. No one actually wants it.
The sad fact is that spyware attacks people who do not understand what it is, how it gets there or how to remove it. Spyware has no users, only unwitting hosts or victims. It is ultimately parasitic. The article says that Delta, Cingular and Vonage are current clients. JP Morgan Chase, Travelocity, Priceline and others have been past customers. Is no one out there informing marketing directors or staff that any time someone says "Pop up ad" that they should end the meeting there?
My wife's laptop, about a year or so ago, got spyware that nothing could or can still detect. It infected Internet Explorer and would launch popups right and left until the computer crashed. I fixed it by installing Firefox and telling my wife never to touch IE. They may still be tracking her games of Spider Solitaire, I'm not sure.
It was therefore great to read page five of this story, where the Direct Revenue people made a piece of spyware so malicious it pissed off their advertisers, investors and even their own staff:
The same ambivalence was evident in April, 2005, when Direct RevenueFor some reason, Direct Revenue is "mystified" as to why all this, and thousands of complaints from public, would cause Eliot Spitzer to take action against the company. I am often amazed at how people who are obviously skirting the law - and good taste - push it farther and farther until they actually do become illegal. Then when they go over the line, they appear stunned.
released a concoction known as Aurora. The program clearly labeled ads
as coming from the company, a gesture designed to build credibility.
But Aurora had powerful features that fought off competing spyware and
security programs. The company also raised the number of pop-ups it
sent users to as many as 30 a day.
Disaster ensued, as Aurora
paralyzed thousands of computers. Matt Oettinger, who ran media
operations at Fastclick, an advertising network that bought ads from
Direct Revenue, found his home PC afflicted by Aurora, e-mails in court
filings show. In June he ordered all Fastclick ads disentangled from
Aurora. Branko Krmpotic, the managing director of Technology Investment
Capital Corp. (TICC), which had invested $6.7 million in Direct
Revenue, also caught the Aurora bug and couldn't kill it, according to
e-mails. Eventually, Direct Revenue had to send its customer support
director to fix Krmpotic's machine. After receiving complaints about
Aurora, Insight Venture, another major investor, told the company to
remove Insight's name from the Direct Revenue Web site. Fastclick
declined to comment; Krmpotic didn't return calls.
Even Aurora's
creators fell victim as the program froze computers at Direct Revenue.
One sales staffer, Judit Major, documented receiving more than 30
pop-up ads in one day, according to e-mails. Her computer crashed four
times. "We are serving WAY TOO MANY pops per hour," wrote Chief
Technology Officer Daniel Doman in a June e-mail to the company's
brass. "If we overdo it, we will really drive users to get us the hell
[off] their machine. We need to BACK OFF or we will kill our base."
Here's a tip, if you make software and people feel compelled to send you death threats because your software is working the way you intended it to -- you are probably doing something questionable.
Technorati Tags: Direct Revenue, spyware, malware, spitzer, priceline, travelocity, adaware, lavasoft, torpedoes, morpheus, delta, cingular, vonage, jp morgan chase, pop up
Many programms include spyware modules. Use anti-spyware for protect your privacy.
As for me, I like professional anti-spy software like Anti-keylogger by Raytown Corporation LLC.
You can download it here: http://download.softsecurity.com/1/15/antikey.zip (~4MB)
Posted by: Simon Scatt | 10 July 2006 at 02:06