The Hidden Money Trail

Allison Smith will never forget the week before Memorial Day 2005.

Roaming the Internet looking for some free clip art, Smith found a site that looked perfect. But before she could download as much as an icon, her PC was infested with adware.

"All of a sudden I was besieged with pop-up ads," says Smith, a CPA who runs an accounting firm in Conway, Arkansas. "Boom boom boom boom boom--I had so many Internet Explorer windows [open] that they completely stalled my computer."

Many of the ads Smith saw on her desktop bore a calling card from their creator: an adware program called Aurora, made by New York-based Direct Revenue.

Using another computer, Smith googled "Aurora" to learn more. She ineffectively tried using anti-spyware programs to remove it, tried killing the adware using Task Manager, and eventually hired a computer technician, who spent three days (at $50 an hour) trying to fix the problem. Each time he removed the software, she says, it would automatically reinstall itself under a different name.

Between repairs and lost revenue from downtime, Smith says her adware debacle cost her close to $5000. "What really surprised me was that the ads were from reputable companies, names you'd recognize," she says. "I got really angry that legitimate businesses would advertise their products using a program like this."

Smith's experience is not that uncommon. Many companies' products and services are promoted via adware, software that runs on a user's PC and displays ads, often in response to your Web activities. When we installed various adware programs on test PCs, we saw ads from such well-known brands as Chrysler, Expedia, Microsoft, Priceline, and Travelocity.

Direct Revenue's CEO, Jean-Phillipe Maheu, doesn't dispute that Smith had Aurora on her PC. But, he says, Aurora doesn't pop up as many ads as Smith complained about, indicating that she likely had more than one type of adware installed on her PC. Maheu said his company doesn't condone "drive-by installations," in which the software is loaded on PCs without alerting the user. If Direct Revenue finds that a partner is using this tactic, Maheu says, Direct Revenue severs ties with the partner. (Continue to page 2)

A PC World Special Report

The New Security War: See the Complete Special Report
Best Defenders and Spyware Sweeper Leads the Field (chart)
The Hidden Money Trail
Privacy in Peril
Is the Net Doomed?
Threat Alert: Spear Phishing
Threat Alert: Antivirus Killers
Threat Alert: Instant Messaging Attacks
10-Step Security
Security by the Numbers
More Security Resources on the Web

Also See Our In-Depth Online Series
Web of Crime

Subscribe to the Security Watch Newsletter

Comments