Companies Can't Break Ties to Adware

Earlier this year, AT&T's Cingular division and Travelocity both pledged not to advertise anymore via adware--programs that slip onto PCs and inject ads into a user's browser. Verizon took a stance against computer invaders when it became a sponsor of an antispyware initiative. Yet, in March, ads from all three companies were being distributed through adware.

These businesses, along with Comcast and Vonage, acknowledge that their ads have surfaced in adware, but say they never intended for that to happen. The incidents raise a troubling question: Have advertising networks grown so complicated that sponsoring firms can't control where their ads appear, or are the companies simply not being vigilant enough?

Adware's Sources

PCs with the FullContext adware installed showed AT&T/Cingular ads apparently on the Google site--without the search giant's consent.
PCs with the FullContext adware installed showed AT&T/Cingular ads apparently on the Google site--without the search giant's consent.
The findings come from research by adware and spyware expert Ben Edelman. Edelman found that PCs with the adware program FullContext installed showed ads for Cingular and Travelocity that appeared to be on the Google Web site--without the search giant's knowledge. FullContext, according to Edelman, is sometimes installed on a PC without user consent. Security companies McAfee and Symantec identify FullContext as a medium-risk adware program and quarantine it on their customers' PCs. At press time, the FullContext firm had not replied to PC World's e-mail requests for an interview.

Cingular and Travelocity say they prohibit the use of adware by advertisers they hire. Travelocity says that as soon as it found out its ads were showing up in adware, it "immediately suspended and eventually terminated its advertising campaigns with partners who may have been associated with those violations." Cingular says that it took similar action.

According to Edelman, Verizon banner ads were showing up on sites like Google because of a program called DollarRevenue. Once installed on a PC, the DollarRevenue software can inject ads on Web sites in the same way FullContext does. McAfee and Symantec both quarantine DollarRevenue when they find it on users' PCs, calling it a high-risk program.

"Something went wrong," says Jim Smith, a Verizon spokesperson. He says Verizon did business with an advertiser that contracted with another advertiser to distribute the ads. That firm in turn contracted with another advertiser. While Verizon permits redistribution of ads, Smith says, it prohibits the use of adware to show Verizon ads. He says Verizon suspended the advertiser from distributing ads until further review.

Subscribe to the Security Watch Newsletter

Comments