2 Comments

The Power Of Social Media Networks In Adware Distribution

May 18, 2010
by

Security companies have been talking about social engineering in the distribution of adware, malware and spyware for years now. In the early days of social engineering discussions, the mechanism for tricking end users into installing potentially unwanted software focused on such avenues as IRC and IM services. Basically, the end user is lulled into a false sense of security that a link is safe to click since it is coming from a “friend” via a social network.

The companies behind adware and spyware have always been innovative and typically one-step ahead of the curve when it comes to installation methods. Their survival is dependent upon their ability to have their software installed on computers. Naturally, social networks like Facebook will be prime targets as a potential source for installations.

Anatomy of an Attack

Several sources (Computer World, InformationWeek) are reporting a wide-spread adware attack on Facebook Monday. We can gain insight into just how powerful social engineering can be when mixed with a very popular social network like Facebook for adware companies.

The attack involved a Facebook application promising “the sexiest video ever”.  When Facebook users installed the app, they were told they needed to update their FLV Player. This isn’t a completely uncommon occurrence in and of itself when watching a video online. When the link was clicked to update their FLV Player, the end user received an installation of HotBar.

The attack was contained solely on Facebook. It did not involve installing any type of Trojan or virus that was then sent out via infected computers. The infections were limited only to those people who clicked the link to update their FLV Player. In a fifteen hour period (the time it took Facebook to remove the threat), AVG Technologies is reporting 300,000 infections. At peak times of the attack, AVG was receiving 40,000 reports per hour.  These are astounding numbers, particularly when you keep in mind these are detections by one security company (those infected who use AVG and opt into sending threat detections to AVG servers).

Source Behind the Attack

Hotbar is the current brand being used for the software previously known as Zango. The HotBar brand was resurrected after Blinkx bought Zango in the wake of Zango being foreclosed on by their creditors and entering into bankruptcy. Since this is not the first major incident of questionable installation of HotBar under the ownership of Blinkx. It would seem that Blinkx learned little from Zango’s run in with the FTC over charges of nonconsensual installations, charges which lead to a fine of $3 million dollars and the company’s ultimate undoing as advertisers stayed away.

The use of contextual adware, like HotBar, has existed within the affiliate marketing channel since their existence. Initially they were allowed by the major networks (even before the proliferation of CPA Networks). Even when allowed, this form of marketing was highly controversial. Eventually all the major networks disallowed this type of marketing, in a large part because of legal actions being taken by regulatory agencies against some of the larger adware companies over installation tactics.

As CPA Networks began to expand into the market place, many of these agencies openly allowed contextual adware marketing (and still do). The DirectTrack software, used by many CPA Networks, is programmed to recognize and accommodate contextual advertising. Even so, contextual adware marketing became the “black sheep” of the affiliate marketing channel.

How the Playing Field has Changed

Over the last several months, contextual adware advertising has donned yet another new face, under the name of PPV or CPV marketing. There is a sector within the affiliate marketing community who are promoting contextual adware marketing, such as through HotBar, as a legitimate form of marketing by affiliates. By virtue of just saying it is a “legitimate” marketing channel, many appear to be accepting the statement as fact.

One of the primary defenses of contextual adware marketing I’ve seen is that “it’s not spyware, it’s adware and the end user wants it.” As the Facebook attack demonstrates, the end user doesn’t always want it.  Sometimes the end user is tricked into installation. The past issues of nonconsensual installations that invited outside regulators like the FTC have not gone away. Nor is the label “adware” necessarily connotative of a benign software application, as implied by those promoting PPV/CPV marketing. Even Zango recognized that fact by virtue of their failed legal attempt to force Kaspersky and PCTools to declassify their software as adware.

I’ve been following contextual adware for almost ten years now. I’ve seen little change in the fundamentals of how contextual adware companies operate. The most significant change I’ve noticed of late is the seemingly willingness by some within our industry to openly accept and embrace this type of “marketing”.

About Kellie Stevens

You can follow Kellie on Twitter: @KellieAFP.

Filed under: Adware, Spyware, Greynets, & Internet Fraud + Contextual Advertising + Security Issues + Social Media + Social Networks & Networking + Viral Marketing
  • Pat Grady

    Driveby shatware relies on unsuspecting consumers, unknowing merchants, ignorant or dubious or lazy AMs & OPMs, and complicit affiliate networks – all existing in great quantities. Networks have the tools and aggregate data to effectively police it, plus they have their fiduciary responsibility to motivate them. Unfortunately most networks have learned they have more to gain by kissing the cheeks that flatulate on their clients, than by rolling down their virtual window.

    If you’re in this biz, I urge you to do one thing – calmly analyze the issue and figure out the obvious ethical paths that have been created for you by the specturdular.

    I used to bleed for the victims as well as ooze disdain for the perps. Watching the utter and vast ocean of passivity and seeing it continue to exist not only unabated, but nearly unopposed – eventually drug me to reach other conclusions.

    Shiny happy now, and ironically thankful for the inefficiencies created by hucksters and idle profiteers, and permitted by the intellectually lazy and incompetent.

    Reinforces my experience that “no” is the best motivator that man ever encounters.

    I raise my glass to their no, and smile, sipping the sweet nectar that both the stinging and worker bees have made for me.

  • http://www.affiliatefairplay.com Kellie Stevens

    Passivty is a form of acceptance.

    Me I’m spitting into the ocean, or maybe the oil-slicked Gulf. But then I’m a fool at times.