June 22nd, 2006
Spyware popping porn in all the wrong places
Ben Edelman has another revealing write up — this time on ad networks, spyware and porn pop-ups and these are not happening on adult oriented sites. It’s happening on sites where sexually-explicit content would not be anticipated. Ben explains in detail, including packet logs, video and screenshots, the chain of events demonstrating how spyware is generating unrequested, unexpected sexually-explicit pop-up ads on normal sites that you and I might visit.
Spyware/adware from Direct Revenue, ZenoTecnico, Deskwizz/SearchingBooth, Z-Quest, Look2Me, (aka Ad-w-a-r-e) interacted with several ad networks including MyGeek, Zedo (San Francisco company with the well known Esther Dyson on its advisory board), Falk AG/DoubleClick, YieldManager and others. Ben explains why, besides being annoying or downright offensive, this spyware/ad network behavior is troubling. There’s clickfraud involved, illegal domain typosquatting used to mislead web users, and sexually-explicit content likely to be shown to minors on normal sites. Ben states:
The four examples shown above are just a tiny portion of the problem of sexually-explicit images shown to users who didn’t request such materials. I have numerous additional examples on file. In one example on file, spyware on my test PC identifies the name of a fashion designer on a well-known retailer’s site, then uses that word as a trigger for an ad, ultimately showing an ad that is sexually-explicit. In another example, spyware on my test PC observes me browsing the children’s section of an online shoe store, a page mentioning "girls" in its title. The spyware then serves me a full-screen sexually-explicit pop-up. Notably, the pop-up was obtained via click fraud against a major pay-per-click search engine.
Ben’s write up is highly recommended reading. The ad networks mentioned should pay particular attention since the Direct Marketing Association just released best practices online advertising networks and affiliate marketing (PDF). And don’t miss the video, which shows 180solutions popping up full page ads and sexually-explicit full page pop-ups from Direct Revenue/Best Offers. The sexually-explicit ad in the video has been edited, but still may not be appropriate for viewing in some settings.
June 23 — correction: I was incorrect in stating that Ben’s current write up includes domain typosquatting involving the parties he wrote about. Ben links to a previous write up on illegal domain typesquatting, also recommended reading, here.
