You Can't Keep A Bad Scheme Down

The spyware scourge is only getting worse. Worried about angry consumers and legal troubles such as those facing Direct Revenue, some spyware companies are changing their ways -- for example, by asking computer users more clearly whether they understand they will receive pop-up ads. But new and more nefarious online advertising outfits are cropping up, many of them based overseas, says C. David Moll, chief executive of Webroot Software Inc., a Boulder (Colo.) company that makes programs to fight spyware. "Trench warfare, that is spyware today," Moll says.

Direct Revenue rival 180Solutions Inc. launched a reform campaign last year. Now renamed Zango Inc., the Bellevue (Wash.) company sued seven of its distributors, accusing them of installing its programs, which it calls "searchware," without obtaining permission from PC owners.

But some online security analysts question whether Zango was serious about changing the way its software is distributed. The company has voluntarily dropped its suit in King County (Wash.) Superior Court. Rather than litigate, Zango says it is protecting consumers by simply cutting off unprincipled intermediaries. Still, roughly 600 of what it calls "publishers" continue to market its advertising programs. With those numbers, skeptics say, some of the middlemen are bound to try to use sneaky tactics to install Zango on PCs. "When you have a huge number of affiliates, it's almost impossible to police them," says Ed English, chief technology officer for anti-spyware products at Tokyo's Trend Micro Inc.

If you know where to look, you can watch the spyware brands proliferate. provides a veritable supermarket of 26 pop-up programs, sporting names like GimmyCash!, MatCash, and MakeThemCry. Webmaster-Money aims this information at other Internet-based businesses that are eager to form alliances with companies that make these programs. Webmaster-Money shoppers are invited to package their software with the spyware programs. The businesses pay as much as 80 cents each time one of these bundles is installed on a consumer's computer. Describing its spyware offerings, Webmaster-Money awkwardly advises visitors that "sometimes are these programs anoying [sic] for surfers, but you can be surprised how much they can make for you."

Radovan Pokorny owns Webmaster-Money, which is based in the Czech Republic. Reached by telephone, Pokorny, 28, says he knows that some of the programs on his site may be spyware. In fact, he says he receives commissions of up to 10% for referring clients to spyware providers. "I'm trying to make money by telling other people how to make money on the Internet," he explains.

Setting up shop in jurisdictions where the legal system is looser than in the U.S. has become a common tactic for players in the spyware industry. Atlanta-based Internet Security Systems Inc. says that it's tracking 15 variants of spyware distributed by one company, Neoteric Ltd., based on the British Channel Island of Jersey. "Some companies that realize they may be caught and prosecuted, but do not want to change their practices, are moving offshore," says Kenneth M. Dreifach, former head of the Internet bureau in the office of New York Attorney General Eliot Spitzer. Neoteric did not respond to requests for comment.

Easy profits are attracting more sinister operators. Last August, police in Morocco, armed with intelligence from U.S. authorities, arrested Farid Essebar on suspicion of creating "worms," malicious programs designed to cripple computers. The FBI believes that Essebar, 24, created the worms, known as Mytob and Zotob, that last summer gummed up thousands of PCs in U.S. congressional offices, at The New York Times, and at industrial equipment manufacturer Caterpillar Inc. (CAT ), among other companies. Code written into the Zotob worm lowered PCs' security settings, allowing spyware to download more easily to those computers. Essebar was paid as much as 6 cents per installation by spyware operators, according to British e-mail security firm MessageLabs Ltd. FBI officials say Essebar was recently released, although he has been charged with credit-card fraud in Morocco. He couldn't be reached for comment.

As one alarming spyware scheme gets shut down, another one crops up, according to Jeremy Pickett, security practices manager at Sana Security Inc. in San Mateo, Calif., adding: "There is still more suffering to come."

By Brian Grow

Before it's here, it's on the Bloomberg Terminal.