Fighting adware with… adware

McAfee says it wasn't aware promotional pop-ups were part of an aggressive adware campaign, as a competitor discovered. But it's vowed to find the company responsible.

Picture this: A drug company hits you over the head and then offers to sell you a bandage. Some say that's what Santa Clara, Calif.-based McAfee Inc., maker of popular antispyware software, has done – albeit unwittingly, the company asserts.

Last week, the well-known antivirus vendor found itself in an embarrassing situation in which a pop-up advertisement for its AntiSpyware software was being distributed through aggressive adware -- the very type of program McAfee's software is supposed to block.

The McAfee pop-up was part of a campaign launched by "The Best Offers" network, a derivative of the New York-based Direct Revenue LLC. In the past, Direct Revenue operated as A Better Internet, or ABI. It provides adware that installs itself and then displays pop-up ads on the user's machine. Ironically, the ad in question states: "Proven security that helps prevent spyware."

"We had no idea that commercials were appearing as adware," said Joe Telafichi, director of operations for McAfee AVERT Labs. "The difficulty is that one contracts with an advertising agency, who then subcontracts with an online agency and so on."

There might be as many as 10 companies in the subcontract chain, he added. "It makes it very difficult to track down or control where the ads are coming from."

What's more, this is the second time McAfee promotions have appeared as part of a pop-up adware campaign. "It's a nuisance for us," says Telafichi. "We end up paying for the additional bandwidth, sustaining damage to our brand and paying for advertising that we don't want."

The McAfee mishap was discovered by a research team at Aluria Software, an Orlando-based competitor now owned by the ISP Earthlink. While the typical virus is rather crude in its coding, adware and its more insidious sibling, spyware, are usually sophisticated code that is polymorphic, self-healing and able to update itself. This makes the software extremely difficult to remove from the user's machine.

"This particular version of the adware is distributed with Kazaa's peer-to-peer network," says James Manning, senior spyware research analyst with Aluria. "It comes bundled with movie viewing software called 'I Watch Now,' but it can also be found embedded in screen savers and online games distributed on the Internet."

Generally, such pop-ups are launched by linking specific ads to a Web browser's keyword search. So, for example, when someone types in the word "virus," the embedded PC program pings its network server to find any antivirus vendors' promotions stored there. It will then serve up the relevant advertisement as a pop-up.

"I can't think of any situation where a user wants to see a pop-up window," says Amrit Williams, director of Gartner Inc.'s information security practice. "They break the contract between the advertiser and user because they don't let you choose whether you wish to view the ad, so in many cases they make users angry."

Meantime, McAfee officials vowed to track down the adware company. "We will work with our advertising partners, find the ad, see who is responsible and then take appropriate actions," Telafichi said.
