WhenU covers Continental with its own Google ads -- charging ad fees for traffic Continental would otherwise receive for free.

Google has been called on the carpet by a prominent spyware fighter for contributing to the bottom line of Internet snoopsters.

          “By paying spyware vendors to show advertisements, Google both enlarges and prolongs the spyware problem,” Harvard Business school Assistant Professor Ben Edelman recently wrote on his Web site.

“In particular,” he continued, “Google’s funding supports software that users struggle to remove from their computers. Google’s payments make it more profitable for vendors to sneak such software onto users’ computers in the first place.”

Edelman’s criticism of Google is largely based on the search king’s relationship with two firms: InfoSpace and WhenU. InfoSpace, among other things, distributes Google pay-per-click advertising. It uses subcontractors, like WhenU, to assist in circulating those ads.

According to Edelman, WhenU, through its spyware, collects cash from Google through some questionable ad practices. Here’s the problem.

When an advertiser buys a pay-to-click ad, it pays when a consumer clicks on the ad and goes to the advertiser’s site. If the consumer makes a purchase, the value of that ad increases and that added value is taken into account when the ad is renewed.

Continue reading Spyware linked to Google ads»

From time to time a customer, friend or family member will ask me about spam.  The conversation will follow a fairly predictable path from “Why do I get so much spam?” all the way to “How do these spammers make money anyway?”  It is a big question with lots of different answers so usually I will just walk them through one specific example of a spam technique and how it can result in profit for the spammer.

Today I was forwarded some spam by a customer wondering whether it was legitimate or not and so came across one excellent example of how a spammer can profit from their malicious endeavors.

Slipping Through the Defenses

The first step towards profit for a spammer is email delivery.  With many businesses and home users protected by anti-spam systems, a spammer needs to either blast out so much junk email that they eventually find an unprotected email address, or they need to craft their email such that it passes through a spam filter undetected.

In this case the latter was true, which actually raised the perception of authenticity to the end user who was not used to very many spam emails reaching their inbox at all.  The quality of the writing also caused it to slip through the recipient’s own mental defenses, convincing them that it was legitimate and that they should follow the actions it suggested.

This spam email contained a link to an affiliate landing page for a piece of utility software.  The domain name included a well known brand name for this particular type of software.  Everyone uses this software, or something like it, so an email announcing a new version of it would appear relevant to most people.

The Affiliate Landing Page

For those that are new to the topic, affiliate marketing is basically a system whereby marketers will promote various products or services in return for a commission on a per-sale or per-lead basis.  Affiliate marketing systems are not necessarily scams, it is a thriving and legitimate business online and many household names on the web have affiliate programs in place.

The landing page for this affiliate was very professionally designed and would lead most people to believe they were on the official website for the software in question.  Only a small disclaimer at the bottom of the page says otherwise, “This website has no affiliation whatsoever with the owner of this software program and does not re-sell or license software“. Continue reading Behind the Curtain of an Affiliate Marketing Spam Email»

The FTC has shut down a known malware and spyware vendor. On Monday a U.S. District Court handed down temporary restraining order forcing CyberSpy Software to cease selling its RemoteSpy program, which is a keylogger. The company was also ordered to shut down its website.

The program records every keystroke on the infected computer, takes screenshots of the screen and records the addresses of every site visited. It also records all documents opened and logs conversations from a variety of IM programs including MSN Messenger, AIM, Skype, and Yahoo! Messenger. This information is transmitted to CyberSpy’s website where their customers log in to retrieve it. The program also comes with instructions on how to disguise the software and send it via email to their unsuspecting victims. Installation is as simple as clicking on a image. From the FTC’s complaint:

          The defendants violated the FTC Act by engaging in the unfair advertising and selling of software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information. The FTC complaint also alleges that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients. The complaint further alleges that the defendants provided their clients with the means and instrumentalities to unfairly deploy and install keylogger spyware and to deceive consumer victims into downloading the spyware.

Continue reading FTC Shuts Down Malware Vendor»

Most web browsers are supposed to protect people by implementing security zones. These safe zones use different security settings of a web browser, which can vary based on the location of the web page being viewed. Phishing emails can lure users to a malicious code web site.  These sites attempt to install spyware, malware or both onto the unknowing person’s computer. These web sites rely on weaknesses in web browsers, which will allow installation and execution of harmful programs on a computer.  These web browser vulnerabilities allow overriding settings, even when these sites are located in a security zone that is not trusted and normally would not allow those actions.

Continue reading Phishing Emails Exploit Browser Weaknesses»