More on money in Adware

As I blogged a while ago, there’s mucho bucks in adware/spyware.

I’m not sure it’s 2.4 billion, though. That number surprises me (note that it’s possible that the words “profit” and “revenue” have been reversed, as is commonly the case in the press).

Stiennon is a super smart guy (and a worthy competitor) but I think his logic is way off, if this article is an indication of where his thinking is (Thanks, Ben, for the link).

I think the total profits (not revenue) in the adware business are between $250 and $500 million based on some very rough math (and it is very rough).

Claria has at least $30 mill in pre-tax. 180 has about 300 employees, and they are very profitable. Given that $200k average revenue per employee is fairly realistic, that would make them a company between $50-$60 million. Figuring that they had the same kind of incredible pre-tax as Claria (30%), that puts their pre-tax profit at around $18 mill.

Then the other big ones are Direct Revenue, eXact Advertising, etc. Maybe 10 other guys of note. However, not all of these will be profitable.

The distributors make money, because they get (probably) between 3-25 cents per install. But if that total number of profit was more than 100 million, I would be surprised.

Note that this one quote from the article raised eyebrows here:

“180solutions spokesperson Howard Barokas said Stiennon’s projected $86 million profit for 180solutions was probably too high. He also differentiated the 180solutions software from others on the list, indicating that 180solutions and its Zango software have a clear desktop icon, provide a “double opt-in” for installation, and are labeled clearly.”

I myself just had a stealth install of 180 adware just a couple of days ago on a VMware test system I was running.

Alex Eckelberry

Microsoft (mostly) fixes Windows Media Player 9 exploit

We’ve discussed this before here and here. Now eWeek reports on the latest.

However, Ed Bott says:

“If you run Windows 98 or Windows Me, there is no patch for Windows Media Player 9 Series. If you are unable or unwilling to upgrade to Windows XP, I strongly recommend that you disable all downloads of signed and unsigned ActiveX controls.”

More good data at Ed’s site.

Alex Eckelberry

First known open source spyware

Gilbert Nzeka aka Khaalel has come up with the first Open Source Spyware.

Post at Insecure.org here.

From: khaalel
Date: Apr 18 2005

Hi,

Since a few years, the number of spywares is growing up but it’s impossible to find a spyware’s code source to analyse it and better understand their work.

After kruegerware’s (and its child) diffusion, I’m introducing you the first open source spyware.

My goal is not to help people writing more and more spywares but to show some people that spywares are not “magic” stuff (like I can see on different web sites) and are so easy to code. Besides, Virus generators already exist, why spywares generators could not exist?

For the moment, KSpyware can list all the installed programs, can spy the web sites the victim has visited, can obtain a list of e-mail addresses, can hijack IE’s main page, and use NetSend to spam the victim.

I decided to remove the function allowing the dispatch of the gleaned informations and the functions stopping spyware deinstallation (like in kruegerware).

Well, here is KSpyware’s source code (in Perl): http://nzeka-labs.com/hacking/KSpyware.htm

KSpyware is under GPL (loollll) so: “You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.” BUT DON’T TRY IT ON THE WEB.

– Nzeka Gilbert aka Khaalel
– www.nzeka-labs.com
– Author of the French security book: “La protection des sites informatique face au hacking”.

Alex Eckelberry

How to make money as an adware distributor!

Click here for a fun-filled tutorial on how to make money in adware!

“My first offer for adware was 3 cents per install. Since then I have continued to receive higher and higher offers. Most of the companies I have dealt with only pay for U.S. installs, but I am introducing you to a company that pays up to 25 cents per U.S. install and also pays for 36 other countries!”

He does have this one caveat: “Note: please don’t SPAM as it doesn’t work very well and you will receive a poor reputation.”

Good to know there’s a responsible attitude out there.

Alex Eckelberry

FTC Workshop one year later

Eric Howes writes on the first anniversary of the FTC Spyware Workshop.

Juicy tidbits:

“The adware firms who submitted comments to the FTC or who gave interviews to reporters last year all claimed that the problem was exaggerated or that they themselves were cleaning up their acts.

In fact, in the one year since the workshop the installation methods used to install spyware and adware have become more aggressive, exploitative, and dangerous. The use of security exploits as well as out-and-out malware, in particular, has become widespread and even brazen. To be sure, the use of security exploits to install adware/spyware wasn’t unknown at this time last year, however, those earlier instances were comparatively few and rare, and thus noteworthy and novel. Now they’re rampant.

…Instead of cleaning up its act, the adware industry has essentially spent the last year thumbing its nose at the FTC.”

Ed Foster (rightfully) gripes about EULAs

The Uniform Computer Information Transactions Act (UCITA) never got enacted. UCITA does things like standardize provisions for shrink-wrapped license agreements, or End User License Agreements — EULAs — what you agree to when you click “I agree” in a program’s installation.

Contrary to popular belief, there are a lot of smart lawyers out there, many of whom saw that this thing would be a real problem for consumers. For example, this excellent writeup posits that consumers think they are buying a piece of software, not licensing it, and so don’t really understand the idea of licensing.

At any rate, UCITA basically died. However, the idea of a shrink-wrapped agreement is very much alive, and all software companies use them. They are, in fact, vital documents which outline the rights of the licensee (the purchaser) and the licensor (the software developer).

But they are abused (this story is one example). Spyware/adware vendors use EULAs to do a whole host of ugly things. I find the use of EULAs in this context laughable, and I think any sane judge would do the same. I mean–what if a EULA said that you would need to spend $300 per hour to arbitrate a disagreement with the EULA? That’s exactly what one EULA found by Ben Edelman says. It’s plainly idiotic.

Ed Foster at InfoWorld blames the “shadow of UCITA” for the use of EULAs to trick and deceive users.

I do think we do need to get EULAs cleaned up and standardized. Years ago my old alma mater, Borland, revolutionized EULAs with a “no nonsense” license agreement, and it was a Good Thing.

Plain language is one thing (the plain language movement in government is an example of how so many people are fed up with legalese). But common sense is another attribute of a good license agreement. Our own EULAs we use at Sunbelt aren’t perfect, but we do try and keep them fairly straightforward and understandable. We ourselves could do better.

And no, I’m not a lawyer–and those so qualified are welcome to post comments.

Update: Ed Foster corrects me, “UCITA was enacted and is still on the books in Virginia and Maryland.” Ed also mentioned the Fair EULA (FEUA) project, which I didn’t know about. It’s a good idea and we will be taking a look ourselves. Thanks Ed.

Alex Eckelberry

So they aren’t all luddites?

Good to see there are now two movie people who have realized the massive power of peer to peer.

These must be the only two guys in Hollywood who actually have used a computer; judging from the often idiotic CGI stuff we see in movies, most of Hollywood seems to think that computers are mysterious things with science fiction graphics that one talks to. I think one of the few realistic uses of a computer I’ve seen in films was in The Matrix Reloaded where Trinity used nmap to hack a computer.

All joking aside, it’s good to see that some in the entertainment business understand the power of the ‘net and the usefulness of technology used correctly.

Alex Eckelberry

Eric Goldman on Spyware

At the recent Boalt conference on spyware (where unfortunately absent were academicians and spyware superstars Ben Edelman and Eric Howes), Eric Goldman gave a presentation on spyware. Goldman, who teaches technology law at Marquette, is a player when it comes to the crossroads of law and technology.

One of our spyware researchers made these notes after reading Goldman’s presentation:

“1) He hasn’t got any new solutions, beyond a faith in the market and the theory that market mechanisms *should* work to compel adware vendors to offer something of value to users. Note that this faith and theory stand in opposition to five years of empirical experience with advertising software and the way that software has actually been developed and deployed.

2) Goldman seems to assume that contextual advertising can be collapsed into contextual searching — that the two are the same. In fact, they are not. Contextual advertising has largely been driven by the interests of advertisers; contextual searching that would be of real use to users need not follow the adware model.

Goldman’s real mistake is conflating a particular functionality (contextual delivery of content) with a particular business model (contextual advertising software, i.e., adware). In other words, there’s no reason to think that contextual searching would follow the adware model, and every reason to believe that it wouldn’t follow the adware model, because the ultimate question is to what ends the information taken from monitoring of user preferences/behavior is put? Will that data be used to serve the interests of advertisers, or will it be used to serve the interests of users? And, yes, there is a difference — it’s the same difference as we’ll see between the regular search results in Google (which are user-driven) and “Sponsored Links” (which are advertiser-driven).

3) Goldman’s dismissal of notice/choice/consent is of concern. He’s right that endless pop-up boxes would ultimately be self-defeating. But he draws the wrong conclusion from this. If users are demanding more notice about certain functionality in software, that’s a good indication that the functionality is objectionable, and the ultimate solution isn’t to deny them such notice — it’s to strictly control or even eliminate the software that has such functionality, not let it persist in the blind, misguided hope that the purveyors of such software will somehow reform their practices and software when they’ve given every indication of moving in the precise opposite direction.

Unfortunately, Goldman doesn’t have anything to offer beyond more of the same, and he can’t offer any empirically grounded reasons for believing that his market-based future would be any different from our experience with market-based non-solutions over the past 5 years (since adware first emerged on the internet).”

Alex Eckelberry

The cat is (almost) out of the bag

We’ve been on a whirlwind press tour lately to provide senior members of the press an advance look at our new version of CounterSpy (consumer), version 1.5. I did the east coast with our VP of R&D, Eric Sites; and our product manager and marketing manager did the west coast.

Wayne Cunningham at Cnet got an advance peek and blogged on the subject.

The new version, shipping at the end of the month, is a pretty significant improvement on the existing engine.

Since this is a very competitive environment, I won’t spill all the beans yet. But I think people will like our improvements, all of them “under the hood”.

More later. And for those who ask, anyone who has purchased the current version will get a free upgrade.

Alex Eckelberry

Intermix Media (formerly eUniverse) being investigated by Eliot Spitzer

From Intermix Media’s 8-K released yesterday:

“The Company has recently been advised by the Internet Bureau of the Office of the New York Attorney General (the “NY AG”) that it is considering commencing an action against the Company for unlawful and deceptive acts and practices associated with distribution of toolbar, redirect and contextual ad serving applications (“downloads”). The NY AG asserts that the Company and/or third parties distributed downloads that were installed by users without sufficient notice or consent and in a manner that made it difficult to locate and remove the programs. The NY AG, in the event of litigation, would be seeking disgorgement of profits, civil penalties and other remedies. While the Company respectfully disagrees with the assertions of the NY AG, the Company is committed to resolving the matter as soon as practicable. The Company’s download applications and business, part of its Network segment, were created by past leadership. The Company has been in the process of scaling down its download business, which does not represent a material component of the Company’s fiscal year 2006 forecasts contained in the Company’s current report on Form 8-K filed concurrently herewith. The Company’s estimate of the financial impact of the NY AG matter is included in the Company’s forecasts, although no assurance can be given that the financial impact of the matter will be confined to the Company’s expectations.”

Thanks to Ben Edelman/Eric Howes for the tip. Eric also posted more info on BroadbandReports.

We have over 30 Happy/Fun/Exciting! websites associated with Intermix Media / eUniverse / SirSearch / PowerSearch / KeenValue / PerfectNav, including ones like
ad-logics.com, casesladder.com, castlemountains.com, colorgenics.com, coolquiz.com, crazymates.com, cupidjunction.com, cursorzone.com, etc.

eUniverse Intermix is an interesting company. Publicly traded, they have an internet marketing practice. But in addition to that, they have a product division, Alena, which actually creates things like skin creams and even a vitamin formula for dogs.

A recent press release by the company said this about next year’s prospects:

The Company expects fiscal year 2006 revenues to be between $112 and $115 million, which represents an increase of approximately 40-45% over preliminary fiscal year 2005 results. The Company expects net income for fiscal year 2006 to be approximately $8 million, or 17 cents per fully diluted share prior to allocation of income to preferred stockholders, and expects EBITDA to be approximately $12 million. These forecasts do not include the impact of changes in accounting for stock-based compensation expected to take effect beginning with the Company’s second quarter of fiscal year 2006. The Company’s fiscal year 2006 forecasts include approximately $2 million in costs expected to be incurred in connection with Sarbanes Oxley Act compliance, which costs are expected to be substantially lower in fiscal year 2007. It also includes any financial impact which the Company anticipates may result from the New York Attorney General’s investigation and possible civil action, which the Company has described in a separate 8-K filed today with the SEC.

Alex Eckelberry