Adware

Disgruntled users wanting to know how grape.jellycloud.com ended up on their computers will be interested in this article at ValleyWag. Apprantly a tipster informed them Jellycloud went under this weekend, with liquidators repossessing their furniture.

Most of the senior management team at JellyCloud used to work at Claria Corporation, previously known as Gator, the behavioral advertising network.

Roboform became a popular spyware-free alternative to Gator’s eWallet.

The Register: ‘Spyware king’ rests in pieces
Certifiedbug: NebuAd and Claria (Gator) connection
Claria stops spying?

{ 0 comments }

So there I was at Photobucket looking at images when this popped up.

I clicked No and was redirected to the site anyway. In other words my browser was Hijacked.

WOT edged in to say no no no.

http://www.mywot.com/en/scorecard/consumergain.com

Site Advisor also flags consumergain.com
http://www.siteadvisor.com/sites/consumergain.com

Press release January 30, 2008 by the Federal Trade Commission (FTC).
Online Advertiser Settles FTC Charges. “Free” Products Weren’t Free; Settlement Calls for $200,000 Civil Penalty

According to the FTC, Member Source Media LLC, doing business as ConsumerGain.com, PremiumPerks.com, FreeRetailRewards.com, and GeatAmericanGiveaways.com, and the company’s principal, Chris Sommer, used deceptive spam and online advertising to lure consumers to its Web sites. For example, Member Source Media used e-mail subject lines such as, “Congratulations. You’ve won an iPod Video Player”; “Here are 2 free iPod Nanos for You: confirm now”; “Nascar Tickets Package Winner”; “Confirmation required for your $500 Visa Gift Card”; or “Second Attempt: Target Gift Card Inside.” The company’s Web-based ads contain similar representations: “CONGRATULATIONS! You Have Been Chosen To Receive a FREE GATEWAY LAPTOP.”

http://www.ftc.gov/opa/2008/01/media.shtm

The FTC should take another look at Consumergain.com.

Of secondary interest, Photobucket uses the ASK searchbar.

The searchbar can be used to perform an internal search of the website, and as with the ASK pre-checked toolbar that is offered for one’s browser during the installation of certain programs, a search still comes with plenty of sponsored results.

http://certifiedbug.com/blog/tag/ask/

{ 1 comment }

State AGs Fail to Adequately Protect Online Consumers
New report from the Center for American Progress and Center for Democracy and Technology finds that state attorneys general receive thousands of complaints of online fraud and abuse but have launched relatively few cases in responseWashington, D.C. — State attorneys general received thousands of consumer complaints of online fraud and abuse in 2006 and 2007 and yet, with the exception of several notable standouts, brought few significant cases in response, according to a report released today from the Center for American Progress and the Center for Democracy and Technology, Online Consumers at Risk and the Role of State Attorneys General.

Most states supplied the authors with a top 10 list ranking consumer complaint categories (Internet-related and other). In 2007, 24 out of 30 states that provided rankings reported an Internet-related category within their top 10. Eight states ranked Internet-related complaints among their top three most common consumer complaints, including four states that ranked Internet-related complaints at the top of the list.

For 2007 and 2006, 20 states provided the number of consumer complaints associated with each category—the others merely provided rankings without giving the number of complaints. In both years, these states reported roughly 20,000 Internet-related complaints.

The Federal Trade Commission also provides data for all 50 states on consumer complaints related to Internet fraud. These data are compiled from a variety of sources, including 13 state attorneys general. In 2007, the FTC reported 221,226 Internet-related fraud complaints, up almost 16,000 from 2006 and more than 24,000 in 2005.

“These numbers are startling, but they may even understate the problem,” said Reece Rushing, director of regulatory and information policy at the Center for American Progress. “Consumers are often unaware, and thus may not report, when they are victimized by online threats such as spyware or phishing. We must take action against these threats to protect consumers and preserve confidence in Internet commerce.”

As described in the report, several attorneys general, in particular those in New York and Washington state, brought important cases on behalf of online consumers. New York Attorney General Andrew Cuomo, for example, recently announced groundbreaking settlements with Priceline, Travelocity, and Cingular, which advertised using Direct Revenue, a company that surreptitiously installed adware on consumers’ computers. In Washington, meanwhile, Attorney General Rob McKenna reached a recent settlement with the operators of several websites that lured more than 13,000 Washington consumers to divulge personal information that was then sold to third parties.

Despite these successes, however, most attorneys general have not given high priority to online fraud and abuse.

Center for Democracy and Technology:  Press release

{ 0 comments }

Previous Certifiedbug: Zango now

John Cook, Seattle PI

Sources say that two executives have also departed, including Executive Vice President of Corporate Development York Baur and Chief Technology Officer Ken Smith. Smith, who co-founded the company in 1999, is the brother of Chief Executive Keith Smith. A Zango spokesman declined to comment on the departures.

Ken Smith about his departure, Moving On

But nine years is a long time, and I’ve made the difficult decision that it’s time to move on. Yesterday, as part of its transition over to its Platrium platform, Zango had to lay off 68 employees, roughly one third of its work force, and I took the opportunity to tender my resignation as well.

Introduction to the Platrium Playbar:

Platrium is your access key to premium content. It is FREE, paid for by advertising. While online & using keywords sent to Platrium from your Internet browsing, Platrium software (with Weather forecast) will show targeted ads in a temporary Slider; relevant search suggestions in the Playbar; & comparison shopping offers in a Sidebar browser pane. The Playbar provides easy access to 1000s of emoticons, avatars, games & more, when online. Platrium runs continuously & updates automatically, ensuring access to the freshest content. Uninstallation is easy via Add/Remove Programs.

“Make Platrium your default home page” is pre-checked by default.

The Platrium search function directs searches to sponsored results on “Shopbrite”.

{ 4 comments }

Flagged red at Site Advisor

Internet Storm Center 2008-04-29 Scripts in ASF files

Reported 2008 Apr 07 at Bit Defender as Trojan.Downloader.WMA.Wimad.N
Spreading: very low

Not any more. Helped along by P2P users, this one is now spreading fast. When a user attempts to load one of these MP3 and MPG files, which are fake and contain no media clips, they are directed to download a file named PLAY_MP3.exe.

McAfee May 6, 2008 Fake MP3s Running Rampant

Detection of a trojan named Downloader-UA.h was added to the McAfee DAT files several days ago. Since that time more than 360,000 McAfee VirusScan Online users have reported detections, a whopping 32% of those reporting in the past 24 hours alone. Now Downloader-UA.h is not your everyday trojan, this detection covers fake music and video files associated with fastmp3player.com.

Users say they have downloaded this .exe using P2P clients such as Limewire, now why would you want to do that eh?

.exe means executable, no stopping, no pass go.

{ 0 comments }

Zango is in the news again.
The Register: Zango’s adware fox desperate to guard net henhouse

Last month, it asked the Ninth US Circuit Court of Appeals to reconsider a decision by a lower-court judge that held Kaspersky was immune from such lawsuits.

Sunbelt Blog:
Zango partnerships
Zango reacts to Sunbelt blog posts

PCMag: Must You Install Zango?

Ben Edelman commented at PCmag and Sunbelt:

Why do people continue to distrust Zango? Because Zango’s continued actions deserve distrust. Four specific examples:

1) Zango continues to run “fake user interface” ads that are disguised to look like Windows message boxes. Example. These ads continue to this day.

2) Zango continues to install its software without unavoidable, prominent disclosure of material terms. Example. Zango’s settlement with the FTC requires improved disclosure. To my surprise, Zango claims the FTC settlement doesn’t require such disclosure for “heritage Hotbar products”. But the FTC settlement’s plain language specifically applies to “any software program” Zango installs or downloads — offering no “Hotbar exception.” Quotes, citations, and further analysis.

3) Zango continues to defraud online advertisers, including by showing pop-ups that claim affiliate commissions Zango did nothing to earn. Last spring I wrote up a few examples. It’s easy to find many more. Indeed, my Automated Spyware Tester catches dozens of such examples per month.

4) Zango touts its video offerings, which include widespread videos infringing on copyrights held by others. Zango has no proper basis to hold these videos in its library, or to use them as bait to attract users to install Zango’s software.

This is all in the present, not the past. And these scams — fake user interfaces, ineffective installation disclosures that fall short of settlement obligations, defrauding advertisers, and infringing others’ copyrights — are good reasons for users to “distrust” Zango (or worse!)

Certifiedbug: Zango tags.

The beat goes on…..

{ 0 comments }

Alex Eckelberry reports that despite press on the matter, C-NetMedia is still trying to fool people.

I’m afraid it’s going to take the FTC to handle this one. Apparently the search engines aren’t self-policing on this one.

Article and screenshots: Incredible — C-NetMedia still continues its grossly deceptive practices

{ 0 comments }

Additional comment on Certifiedbug’s “C-NetMedia’s Deceptive Practices”.

In his missive at C-NetMedia , Edelman criticized several prominent companies for failing to hold C-NetMedia accountable for its practices.

• Google and other search engines could block the widespread deceptive ads from C-NetMedia and its marketing partners. C-Net and its partners have continued these practices for more than a year. Google claims to be tough on malware, and Google does exclude some harmful organic search results. But Google has been ineffective in removing the false and deceptive ads shown above, among many others, despite ample complaints from users and security researchers.

• McAfee could remove its Hacker Safe certification from C-NetMedia sites. At present, the McAfee logo gives users the false impression that McAfee endorses C-Net and the McAfee vouches for the effectiveness of C-Net’s software. I gather neither is truly the case. Indeed, McAfee’s HackerSafe certifies some C-Net sites at the same time that McAfee’s SiteAdvisor characterizes rates those same sites as red. In my view, the SiteAdvisor rating better describes the view of security experts and better serves typical users. (Disclosure: I serve as a member of the Board of Advisors of McAfee SiteAdvisor.) (Update, February 14, 11:30am: McAfee has withdrawn HackerSafe certification of C-NetMedia sites.)

• Microsoft could withdraw its Certified for Windows Vista certification on the basis of C-NetMedia’s violations of various ASC rules, as cited above. Anticipating this kind of harmful marketing practices, Microsoft’s certification rules provide ample basis for excluding C-Net on the basis of its deceptive advertising. Microsoft’s concern should be particularly acute because C-Net copied the layout and format of the Microsoft Antispyware site, because C-Net marketing partners trade on Microsoft’s brand name and product names, and because C-Net products worsen the experience of Windows users (i.e. by charging a fee for security software, when Microsoft provides similar software for free).

• ClickBank could eject C-NetMedia from ClickBank’s affiliate network due to the pattern and practice of false and misleading ads placed by ClickBank affiliates in their promotion of C-Net offers. ClickBank’s Client Contract specifically prohibits fraudulent, deceptive, false or misleading information in advertising messages (clause 7.n.), and Clickbank reserves the right to immediately suspend violators (9.d.). But at present, C-NetMedia seems to remain a ClickBank clent in good standing.

Source: Edelman

According to Information Week, a request for comment left with an assistant of Erik M. Pelton, the attorney of record for C-NetMedia’s trademark filings, went unanswered.
In addition, Information Week found no building resembling the company’s illustration of its headquarters visible on the Google Maps satellite photo of the posted address.

{ 0 comments }

Spyware Researcher Ben Edelman continues his investigation on C-NetMedia.
Critiquing C-NetMedia’s Anti-Spyware Offerings and Advertising Practices

Not every “anti-spyware” program is what it claims to be. Some truly have users’ interests at heart — identifying and removing bona fide risks to privacy, security, stability, or performance. Others resort to a variety of tricks to confuse users about what they’re getting and why they purportedly need it.

This article reports the results of my examination of anti-spyware software from C-NetMedia. I show:

• Deceptive advertising, deceptive product names, and deceptive web sit
  e designs falsely suggest affiliation with security industry leaders. Details.

• The use of many disjoint product names prevents consumers from easily learning more about C-Net, its reputation, and its practices. Details.

• High-pressure sales tactics, including false positives, overstate the urgency of paying for an upgraded version. Details.

Note that C-NetMedia is unrelated to the well-known technology news site CNET Networks. See further discussion below.

Deceptive advertising, deceptive product names, and deceptive web site design falsely suggest affiliation with security industry leaders.

Some C-NetMedia products are marketed using practices, keywords, labels, and layouts that falsely suggest they come from security industry leaders. This suggestion comes from both the actions of C-Net itself, as well as from the actions of C-Net’s marketing partners.

Consider the top three ads for a Google search for “Spybot”, a popular early anti-spyware program (full name “Spybot Search & Destroy”). As shown at right, the top three ads each specifically mention “Spybot” — the first two, in directory names; the third, in its domain name. Furthermore, all three ads also include the distinctive and original phrase “Search & Destroy” that specifically describes the genuine Spybot product. Yet in fact each of these three ads takes users to the unrelated site spywarebot.com (emphasis added) (screenshots: 1, 2, 3). Clicking the first ad immediately takes a user to spywarebot.com via the ClickBank advertising network. As to the second and third ads, traffic flows through independent “landing page” sites which in turn show ClickBank links to promote Spywarebot. These landing pages are hosted on the deceptively-named domains named spybot-sd-info.com and www-spybotcom.com — each further (but falsely) suggesting an affiliation with the genuine “spybot” product.

Ben’s Complete Article

Spybot Search and Destroy (Spybot-S&D) Official Home Page: http://www.safer-networking.org/en/home/index.html

{ 4 comments }