Los Angeles Times: Archives …

Los Angeles Times: Archives                                                                                                Page 1 of 4

Big Firms' Ad Bucks Also Fund Spyware; Fortune 500 members are among the unwitting
backers of software that sneaks into computers.; [HOME EDITION]
Joseph Menn. Los Angeles Times. Los Angeles, Calif.: May 9, 2005. pg. C.1

Full Text (1916 words)

(Copyright (c) 2005 Los Angeles Times)

Blue-chip companies are sponsoring more than TV shows and golf tournaments to promote their products: They are
inadvertently underwriting computer spyware too.

Larry Ingram found that out last month after spyware infested computers owned by Minnesota's Hennepin County. The uninvited
software spewed ads for such companies as car maker Mercedes-Benz and online travel agency Travelocity.com.

Ingram, who oversees security for the county's 11,000 computers, said those companies might have relied -- perhaps
unknowingly -- on unscrupulous advertising middlemen.

But the software that invaded Hennepin County penetrated more than 500 other workplaces. Those spyware ads hint at how
much of the cyber-world's latest plague is financed in part by well-known companies.

Cash from blue-chip companies "drives much of the spyware polluting the Internet today," said Joe Stewart, a Lurhq Corp.
security researcher who traced the attack back to the underlying ads.

Spyware -- a term encompassing both ad-supported programs that users don't want and more-virulent software that steals
financial information -- is the leading complaint of computer owners. It often sneaks into computers when users download a piece
of more desirable software, such as a screensaver or file-trading program. Once there, the software typically shows pop-up ads
until a user can figure out how to uninstall it -- rarely an easy task.

A number of federal bills aim to restrict the worst practices of the scourge, which is increasingly cited as the greatest threat to the
growth of electronic commerce. Yet deliberately or not, money for spyware comes from the coffers of Fortune 500 companies.

"We're funding the business models because we don't know any better," said Clinton Schmidt, the director of online marketing at
1- 800 Contacts Inc., a publicly traded Sandy, Utah-based company that bills itself as the world's largest contact-lens store.

Mercedes-Benz USA and Travelocity said their pitches were placed in violation of company policies.

"We would not authorize anything installed in such a manner," said Mercedes Internet marketing manager Lisa Cooper. She said
the company had been testing a new ad network and hoped that the spyware appearance wouldn't be repeated.

Travelocity spokesman Joel Frey said his company didn't know about the incident until contacted by The Times.

"We can assure you that it is against our policies for ads to appear in unwanted software," Frey said. "We're working fast and
hard to get to the root cause."

That might be difficult. Unintended placement isn't unusual on the decentralized Internet, advertising specialists said, because
the merchants are often several steps removed from their own advertisements.

Here's how it works:

Instead of buying ad space directly, companies usually dole out money to an agency. Those agencies often turn to outside
buyers specializing in Internet marketing. And the buyers can split the funds even further, allocating some for banner ads paid for
based on how many people view them; some for "pay-per-click" ads paid for based on the number of clicks for further
information; and some for "pay-per-sale" ads, in which publishers of Web pages get a commission for electronically referring
eventual buyers to the merchant.

In each of those cases, the Internet ad buyers can turn to advertising networks using thousands or even tens of thousands of so-
called affiliates. The networks take a percentage of the spending and give another cut to the affiliates, which range from one-
person Web retailers to major companies that distribute free, ad-supported software.

The problem is that the networks and the affiliates -- and the countless "sub-affiliates" working for the affiliates -- have an

http://pqasb.pqarchiver.com/latimes/834803321.html?MAC=f03eb6bbeb32410565bfedff7386c7c2&did=8... 6/9/2005
Los Angeles Times: Archives                                                                                              Page 2 of 4

incentive to generate the most viewers, clicks and buyers they can. That leads some of them to trick people into installing
spyware that produces a never-ending stream of come-ons.

If an affiliate slips a deceptive piece of software into someone's personal computer and persuades the owner to buy something,
the transaction could be passed through three or four businesses -- each taking a cut -- before the affiliate network hands off the
customer to the merchant.

Some security experts estimate that spyware and its cousin, adware, generate $500 million to $2 billion a year in revenue for
middlemen.

"The whole system seems like it's been designed to reduce accountability," said Ben Edelman, a Harvard graduate student who
has testified before Congress on spyware practices. "It's a nightmare of backroom deals."

Schmidt, of 1-800 Contacts, said most merchants couldn't tell what traffic was legitimate and what wasn't. The affiliate networks,
which could tell, often don't bother. "They're all taking the 'hear no evil, see no evil' approach," Schmidt said.

Some companies try harder than others to police where their ads appear. Schmidt recently bought tools to check into his
company's biggest online referral claims and threw out a third of the commissions as improperly earned. The worst offender, he
said, was a "drive-by download" that installed spyware without asking and then claimed credit when infected users went to the 1-
800 Contacts website on their own.

Other companies don't seem to care, said Elizabeth Cholawsky, a vice president at affiliate network Commission Junction, which
had about $60 million in sales last year.

"Some advertisers," she said, "just want a big program."

That's a common sentiment in what is again a booming market. Internet ad spending rose more than 30% to nearly $9.6 billion in
2004, according to the Interactive Advertising Bureau.

The Hennepin County case illustrates how that increasing pool of money is financing some inventive, if undesired, activity.
Employees there were tricked with what's called "pharming," an insidious successor to "phishing." In phishing attacks, con artists
send official-looking e-mails to draw people to pages resembling established sites. With pharming, the e-mails aren't needed.

When county workers typed a Web address such as Google.com, their desktop computers contacted a central machine in the
internal network that is supposed to translate the letters into a numerical address for a computer at Google.

But in the largest incident of pharming to date, unknown hackers had scanned thousands of such machines around the country,
looking for firms that hadn't fixed a flaw in older versions of Microsoft Corp. software. They then fed misinformation to the flawed
machines, duping them into sending employees to stand-ins for many popular websites.

The impostor sites presented browsers with commercially oriented search engines like those that can appear when users
mistype common website names, as in yhoo.com and ebya.com. Depending on what users said they were looking for, such as
cars or airplane tickets, the search engines took visitors to ads including those for Mercedes and Travelocity.

The invisible glue between one search engine and those ads -- identified by Stewart through the electronic codes being
transmitted -- was a pay-per-click advertising network called FindWhat.com Inc. FindWhat gets paid every time someone clicks
on an ad for a merchant, and Web businesses that refer him or her to FindWhat also get a fee -- including, in this case, a
business apparently tied to the hackers.

"The big-name companies are advertising on legitimate networks that utilize pay-per-click search engines to drive traffic,"
Stewart said. "Unfortunately, the pay-per-click model lends itself to abuse by rogue affiliates who will hijack users."

FindWhat President Phillip Thune said an affiliate's sub- affiliate, which had since been dismissed, had violated FindWhat's
policies in pursuit of a referral fee. But a spokeswoman said the publicly traded Fort Myers, Fla., company never learned who the
sub- affiliate was and couldn't be sure the main affiliate wouldn't strike a similar deal soon -- even with the same sub-affiliate.

That doesn't impress activists like Edelman, who say FindWhat affiliates have left their calling cards in other unwanted software.

"That happens to FindWhat over and over," Edelman said. "They've allowed it to fester to make them money."

Some of the biggest search companies, including Yahoo Inc., are also putting money behind programs some consumers can't

http://pqasb.pqarchiver.com/latimes/834803321.html?MAC=f03eb6bbeb32410565bfedff7386c7c2&did=8... 6/9/2005
Los Angeles Times: Archives                                                                                               Page 3 of 4
stand. Yahoo's Overture ad division, recently renamed Yahoo Search Marketing, has a long-standing relationship with Claria
Corp., an ad- supported company that installs pop-up ad software. Yahoo places copies of its clients' ads on Claria, splitting
revenue that results from that business. In a withdrawn filing for a public stock sale last year, Claria said the arrangement
brought in 31% of its $90 million in 2003 revenue.

"That means they're making Overture a lot of money as well," said Gary Stein, a Net advertising analyst at Jupitermedia Corp.
"Companies have issues with Claria, but I don't imagine it would go away."

Goldman Sachs last week estimated that Yahoo took in $20 million annually from Claria and Intermix Media Inc., an adware
company recently sued by New York Atty. Gen. Eliot Spitzer. A Yahoo spokeswoman said Claria met the company's standards
for informing users what it was doing.

Claria and its largest competitors -- 180Solutions Inc., WhenU.com Inc. and DirectRevenue -- disclaim the spyware label, calling
their programs "adware." But all have been faulted for vague or insufficient disclosures to consumers and for making their
programs difficult to remove from computers.

Claria's software, for example, usually isn't listed by name in the "add/remove programs" menu on computers, making it harder
to delete. And users who click on ads for Claria products see installation screens that don't say what will happen to their
computers until after the user indicates that they accept.

Claria Chief Marketing Officer Scott Eagle said the company had recently made its terms clearer and its removal easier.

Claria competitor 180Solutions makes pop-up software that is installed automatically through browser security holes. Although
the firm said it was cracking down on that practice, it still offers bounties for each installation, a model that analyst Stein said
encourages "all kinds of sneaky tactics." Recent 180Solutions ads ran on behalf of J.P. Morgan Chase and Disney.

"Most of their advertisers are mainstream companies," said Ari Schwartz, associate director of the Center for Democracy and
Technology, a nonprofit public policy group.

Just as not all merchants care how they get their business, not all affiliate networks are equally strict. Take Commission
Junction, which is owned by Westlake Village-based ValueClick Inc. and drives computer users to Citigroup Inc.'s Citibank,
Home Depot Inc. and IBM Corp.

Until this month, Commission Junction's 70,000 affiliates included 180Solutions and a firm called Exact Advertising, which makes
a "Bargain Buddy" pop-up that has been installed through a security flaw in Web browsers. Bargain Buddy recently carried ads
for 1,000 merchants, including Dell Inc., British Airways and Gap Inc.

After The Times asked about the practices of Exact Advertising and 180Solutions, Commission Junction said it was going to stop
doing business with both.

Some say fed-up computer users are the ultimate police force. Dell, the world's largest maker of personal computers, withdrew
its advertising from the biggest adware companies a year ago. It quit working with Exact Advertising last month after customers
complained.

When Dell's anti-spam or anti-spyware policies are abused, Dell spokeswoman Jennifer Davis said, "if we don't find out about it,
a customer is going to tell us." But others, including Lurhq's Stewart, don't think consumers understand enough about what's
going on to pressure the blue-chip firms.

Far from fighting back, he said, "before long, they'll start to think the Internet is supposed to have pop-up ads on every page."

[Illustration]
Caption: GRAPHIC: This spyware sponsored by...; CREDIT: RAOUL RANOA Los Angeles Times; PHOTO: NET ACTIVITY:
Commission Junction's network has 70,000 affiliates. Above is network quality specialist Todd Miller, left, Vice President
Elizabeth Cholawsky, network quality specialist Jon Thollander and Terence Kinsky, director of network quality.;
PHOTOGRAPHER: Spencer Weiner Los Angeles Times

Credit: Times Staff Writer

Reproduced with permission of the copyright owner. Further reproduction or distribution is prohibited without permission.
Subjects:        Corporate purchasing, Online advertising, Computer security, Advertising expenditures, Spyware, Big
                 business
Companies:       1-800-Contacts Inc(Ticker:CTAC, NAICS: 454113 ) , Travelocity.com (NAICS: 561510 )

http://pqasb.pqarchiver.com/latimes/834803321.html?MAC=f03eb6bbeb32410565bfedff7386c7c2&did=8... 6/9/2005
Los Angeles Times: Archives                                                                    Page 4 of 4
Document types:   News
Section:          Business; Part C; Business Desk
ISSN/ISBN:        04583035
Text Word Count   1916
Document URL:




http://pqasb.pqarchiver.com/latimes/834803321.html?MAC=f03eb6bbeb32410565bfedff7386c7c2&did=8... 6/9/2005