Network News

X My Profile
View More Activity

FTC Urged to Sue Adware Maker 180Solutions

The Center for Democracy & Technology, a Washington-based nonprofit public interest group that's leading the Anti-Spyware Coalition, today urged the Federal Trade Commission to sue adware company 180Solutions Inc., accusing it of routinely allowing distributors to deceptively install its online ad-serving software.

CDT's complaint comes after near two years of accusations that 180Solutions' distributors routinely used a variety of illegal or at least illicit methods to install the company's software without computer users' explicit consent. CDT drafted several complaints to the FTC about 18Solutions and its partners, but each time the company claimed it was blindsided by the accusations and that it needed more time to correct its partners' behavior.

CDT Deputy Director Ari Schwartz said the organization opted to file the complaint today because it sees little indication that 180Solutions is fixing the problem. The filing comes just a short time after the emergence of the second instant-message worm in three months that installs 180Solutions' software, among other items.

"Initially it seemed 180 wanted to respond to the concerns we were raising, but as we got further and further into this process and continued to get complaints about bad installations ... we didn't see any overarching effort on their part to correct the core problems," Schwartz said.

In urging the FTC to act on its complaint, CDT's filing alleges that "over the past two years, millions of consumers have been harmed by 180Solutions' pattern of unfair and deceptive practices. Despite CDT's reports, audits from the company's  own consultants, and public reports from security experts, 180Solutions has remained brazenly reckless in its efforts to get its software on users' computers."

The complaint spans some 130 pages, and includes exhaustive documentation and screenshots chronicling case after case of third-party distributors installing 180Solutions' search marketing software without user consent. A timeline of well-documented problems between the company and its distributor network -- taken in part from the CDT filing -- is instructive:

180

-- February 2004: CDT files complaint with the FTC against Seismic Entertainment and MailWiper for using Windows security holes to hijack victims' computers and install 180Solutions Search Assistant -- among other software. The FTC later acts on the complaint, and Seismic -- which was tied to spam king Sanford "Spamford" Wallace -- settles the charges. 

-- May 2004: Independent auditor VeriTest completes a survey of 180Solutions' business practices and finds dozens of partner Web sites that may be engaging in questionable practices including LyricsDomain.com and NegativeBeats.com.

-- June 2004: Several news stories document 180Solutions products being bundled with installs of Internext Media's I-Lookup Toolbar and other adware being installed via numerous sites using two previously unknown and unpatched security holes in Microsoft's Internet Explorer Web browser.

-- July 2004: CDT shelves a complaint with the FTC against 180Solutions for the I-Lookup fiasco, after the company agrees to sue its offending business partners, simplify its software uninstall process, and share the results of a third-party audit of its business practices.

--August 2004: 180Solutions sues Internext.

-- February 2005: CDT investigates 180Solutions' relationship with its biggest distributor, LoudMarketing, which has been connected with numerous sub-distributors caught using software security holes and highly misleading license agreements to install the company's software.

-- April: 180Solutions announces its has purchased LoudMarketing in a bid to "clean up" its partner network.

--July: CDT begins investigating sites from the previous year's audit including LyricsDomain.com, finding that several still have potentially illegal installations. Later that month, 180Solutions announces settlement with Internext in the I-Lookup case and gives settlement money to CDT.

--August: 180Solutions sues seven former distributors the company accused of using viruses to spread its ad software to thousands of computers without their owners' consent.

--September: CDT tells 180solutions that it will delay filing a complaint with the FTC against 180Solutions partners Lyricsdomain and Integrated Search Technologies (IST) if the company ceases to do business with a number of partners found to be engaging in deceptive practices. Later that month, 180Solutions claims it has ended its relationship with several online song-lyrics sites (a common vehicle for adware distribution) and disallowed distribution of its software at so-called "crackz" sites that offer stolen serial numbers for use in pirated computer games.

-- October: 180solutions announces that it is ending its relationship with IST.  A few days later, 180Solutions announces that it would no longer allow "uncontrolled" third-party downloads of its software. Later in the month, a new worm is spotted traveling over America Online's instant messenger (AIM) network, installing 180Solutions software without consent.

-- November: CDT files complaint against IST at FTC, but the complaint does not mention 180Solutions' role. At the end of the month, another software piracy site is documented to install 180Solutions software on user computers with no consent.

-- December: 180solutions announces a change to its distribution system to fix notice and consent problems and to more quickly detect "unauthorized" third-party installs of its software.

-- January: Another AIM worm -- this one even more tenacious and virulent -- is spotted installing 180Solutions software without consent.

180Solutions declined to comment for this story, saying it had not yet reviewed the CDT complaints. The company released a brief written statement, saying "We have made voluntarily improvements to address every reasonable concern that the CDT has made us aware of."

I visited the company's headquarters in Bellevue, Wash., in October, shortly after it  announced it would no longer allow third parties to bundle its software with other products more commonly identified as spyware. Upon interviewing co-founder Dan Todd, I learned that the company still planned to allow its software to be bundled with other products.

To help reduce the risk that some of these installs would be non-consensual, Todd said, 180Solutions was putting in place mechanisms to let consumers more easily uninstall their software and to make sure that distributors who violated the company's installation policies would never get paid.

I pointed out that as long as the company allowed any bundling of its software with third-party products, any solutions it came up with to address the problem of rogue installations was only going to bandage the problem, and that consumers would still be left holding the bag. Despite 180Solutions' December announcement that it was finally retiring the "search assistant,"  the AIM worm that surfaced this month appears to raise some serious questions about whether that program has really been shut down.

By Brian Krebs  |  January 23, 2006; 10:17 AM ET
Categories:  Fraud  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Kama Sutra Worm Gets Nasty
Next: NSA Issues 'Metadata' Guidelines for Agencies

Comments

This is great news and a step in the right direction. 180 has repeatedly been caught by more than one researcher on more than one occasion. Lets hope this gets thier attention.

Posted by: TeMerc | January 23, 2006 11:43 AM | Report abuse

It is time to get tough with unsolicited Adware, Spyware, and Trojans. They must not only be closed down immediately but must be viewed as a felony offence by all levels of Government and through out the law enforcement world. They must be treated the same as terrorist activities or phishing schemes and placed within the same category. People must be protected.

Posted by: Jim Snow Junior | January 25, 2006 4:58 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company