Network News

X My Profile
View More Activity

Web Advertisers Settle N.Y. Spyware Lawsuit

Three of the most aggressive buyers of online advertising space today agreed to pay fines and reform their advertising practices as part of a landmark anti-spyware settlement.

Mobile phone giant Cingular Wireless LLC, and travel sites and agreed to settle their part in an ongoing investigation by the New York State Attorney General's office, which last year sued adware/spyware purveyor DirectRevenue for deceptively and fraudulently installing its pop-up ad serving and Web tracking software on millions of PCs without approval or consent of consumers.

This is an important settlement on a number of levels. Online help forums are awash in desperate messages from consumers whose machines were besieged by pop-up ads after visiting a Web site that used slimy drive-by tactics to install DirectRevenue's software, which is notoriously difficult to remove from a host machine. If you've never read the evidence against DirectRevenue's business practices (this is a company that, according to prosecutors, actually had a department named "Dark Arts"), check out this document for a very entertaining and revealing read.

Perhaps more significantly, these advertisers were just as culpable for supporting DirectRevenue's sleazy business practices long after anti-spyware activists like Ben Edelman, Suzi Turner and others published evidence of the illegal distribution methods of DirectRevenue and the Webmasters it paid to install its software. As I catalogued in a Washington Post story published in 2006, experts consistently documented adware bundles like the ones distributed by Directrevenue being installed on computers that contract distributors had already infected with computer viruses and worms.

Ari Schwartz, deputy director for the Center for Democracy & Technology, a consumer policy group in Washington, D.C., said today's settlement was important for because it recognizes the oft-overlooked role that advertisers continue to play in supporting the adware and spyware industry.

"The dirty secret about unwanted adware is that many legitimate companies -- knowingly or not -- fund its proliferation with their advertising dollars. Until we cut off that funding, there will always be a financial incentive for companies to bombard users with adware that they neither want nor need," Schwartz said in a written statement.

While the settlement is a welcome and important one, the terms and fines could have been a bit stiffer. Under the terms of the agreement, all three companies will have to pay between $30,0000 and $35,000 each to New York state, and each will have to more clearly reference the adware vendor in each ad that's displayed. In addition, "prior to contracting with a company to deliver their ads, and quarterly thereafter, the companies must investigate how their online ads are delivered. The companies must immediately cease using adware programs that violate the settlement agreements or their own adware policies."

By Brian Krebs  |  January 29, 2007; 6:23 PM ET
Categories:  Fraud , From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Patches Mac Wireless Security Hole
Next: Sony Settles FTC Suit Over Music CD Spyware


'May be a decent first step - nothing more.

Who's kidding who here? What about all the damage they already caused? Only a $35k fine? They took that out of petty cash... one less car some executive won't get.


Posted by: J. Warren | January 30, 2007 4:53 AM | Report abuse

Nitpick: according to the first link you gave, Travelocity will have to pay $30,000, not $35,000.

Let's hope the punishment meted out to DirectRevenue is a LOT stiffer -- enough to make their investors think twice before pumping funds into such a dodgy company again.

Posted by: tokyo_joe | January 30, 2007 6:35 AM | Report abuse

The penalty amounts are fine -- this is old news and an old suit. No one is dumb enough to advertising without fully branded ads anymore anyway. Let's move on!

Posted by: Dino | January 30, 2007 8:41 AM | Report abuse

Laughable, the trail should not have been at all, a few days of court costs where more than the penalties.

The thing that needs to happen is that you as a consumer should be able to file a lawsuit against any person or company installing anything on your system that does not have your direct permission. Next the companies like Symantec and Microsoft should be called to account for all the holes that are left in the systems and security devices.

When something slides down your screen asking you to respond to some ad while you are working; and it seems to be an act of GOD to get the thing off of your screen, there should be a $5.00 fine...count it up and out of business they go.

My machine is my castle...stay out; you are not welcome.

Posted by: Blair | January 30, 2007 11:02 AM | Report abuse

The fines and punishments are an insult to any PC user that has "ever" had to put up with the havoc and losses that these idiots create for financial gain.
In our justice system crimes committed for financial gain are dealt with more harshly than others and the victims' losses and damage are considered at time of sentencing.
We need to have a fundamental change in the Justice System's sentencing philosophy for these types of crimes I suggest the following:
1. A minimum-mandatory of 3 or 5 years.
2. A 10 year probation in which the offender is banned from the use of any computer, including any work related. For those of you lily-livered out there, consider someone convicted of robbing a bank, they would never be hired for any job that entailed the handling of money.
3. There should be a National Registry similar to the Sex Offender Predator Register in which anyone convicted should be listed, their offense and record posted, their residence and any employer hiring for a computer (IT) position be required to conduct a search and if they hire the individual (after the 10 year probationary period) the employer accepts responsibility for any computer related crimes/ actions committed by the individual listed in the Registry

Posted by: Robert in Arizona | January 30, 2007 1:19 PM | Report abuse

Is "$30,0000" supposed to be $30,000 or $300,000?

Posted by: tomsax | January 30, 2007 4:54 PM | Report abuse

$1,000 per infected computer would be a more fair fine. Will it hurt the companies involved? Of course it will, the bottom line is the only thing they understand and will stop any future attempts. I am sure they already have people working on another tactic already. Again, our justice system has fail the American People. But that is getting to be a old story that keeps getting older every day.

Posted by: Mic From KS | January 31, 2007 6:21 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company