Your Ad Here. And Here. And Here

How a web of middlemen is hijacking the placement of online ads -- and cashing in

Woe unto the Web surfer who visits The site, popular with curious teenagers, offers free code used to unlock bootleg copies of everything from Windows XP to video games. But click a link to download a pirated program, approve one pop-up window, and secretive programs install themselves on your PC. Then this "adware" generates endless pop-up ads from well-known companies such as AT&T (T ), eBay (EBAY ), and Internet phone service provider Vonage Holdings.

It's one example of how some questionable characters are hijacking the placement of online ads as big companies pour billions into Web marketing. On Apr. 4, New York Attorney General Eliot Spitzer filed fraud charges against Internet marketing firm Direct Revenue LLC for allegedly sneaking adware onto millions of PCs. Direct Revenue calls the lawsuit baseless.

The gravy train starts with big advertisers. The companies they hire, such as Yahoo! (YHOO ) and Google Inc. (GOOG ), tally the clicks the ads generate and charge accordingly. But to juice the returns, those outfits sign up partners who distribute the ads in return for a fee, and those partners sign up other partners. With each layer vying for more locations to showcase lucrative ads, there's an incentive for someone along the line to deliver them via surreptitiously installed programs. Says Ed English, chief technology officer for antispyware products at security firm Trend Micro Inc. (TMIC ): "We're seeing new trick after new trick."

An analysis by computer security firm Sana Security Inc. of San Mateo, Calif., shows how such a scheme works. At, users who want to download codes to obtain unauthorized copies of Microsoft Office 2000 are asked to install a type of software, known as ActiveX controls, offered by Dutch firm E.C.S. International. But approving the installation causes at least 16 other pieces of adware to download. None ask for permission to install themselves on PCs, according to Sana. They quickly deliver as many as five pop-up ads per minute.

That setup could generate substantial income. Mike Friedman, business development manager for E.C.S., says it pays easycracks up to 30 cents per installation of the adware programs on U.S.-based PCs. So for each PC loaded with 16 programs, easycracks could earn up to $4.80. In turn, E.C.S. makes money from brokers who pump ads through its adware. Friedman admits his company's user agreement does not clearly disclose that 16 pieces of adware will download onto PCs. E.C.S. is changing the agreement, he says, and as a result of BusinessWeek's inquiry it is investigating easycracks. Easycracks, whose Web site says it is based in Armenia, did not respond to e-mailed requests for comment.

Big advertisers say it's difficult to track their ads. "They put your name all over some pop-up ad," says eBay spokesman Hani Durzy. "As we become aware of them, we take action to get them to stop." But analysts say companies are only beginning to actively police ad networks. Harvard researcher Benjamin G. Edelman says a Vonage ad traveled through as many as eight subdistributors before appearing on the PCs of users who visited Vonage spokeswoman Brooke Schulz says the company immediately notified its online ad agency, a unit of ad conglomerate Arnold Worldwide Partners, after it was contacted by BusinessWeek.

In a separate study, Edelman shows how ads purchased for placement on Yahoo and partner sites by companies such as Cablevision Systems Corp. (CVC ) were also redistributed until they showed up as pop-ups. According to Edelman, Yahoo became blind to the trail of its own ads. One partner,, presented a Yahoo ad through another site, NBCSearch (not affiliated with the TV network). That company passed it along to one of its own partners. (NBCsearch and did not respond to requests for comment.) Sometimes, the ads showed up in pop-ups from spyware programs. In a prepared statement, Yahoo says it "takes the quality of its search ad distribution network very seriously. We are carefully investigating the claims that have been raised."

By Brian Grow and Burt Helm, with Ben Elgin in San Mateo, Calif.

— With assistance by Benjamin Elgin

    Before it's here, it's on the Bloomberg Terminal.