Engaged in marketing adware and anti-adware
Here's a lesson in Conflict of Interest 101. A new so-called adware removal program hit the net recently -- literally hit the net as in being downloaded through exploits and bundled with other nasty-ware like DollarRevenue and Look2Me. This program is called AdwareFinder. Take a close look at the page and on the lower right side you'll see "AdwareFinder is proud to be a member of the Network Advertising Initiative" next to the NAI logo. This new rogue anti-adware program was blogged at SunbeltBLOG after being discovered by one of the researchers in a large DollarRevenue infestation. The definitions "database" consists of a "spy" file with a list of file names and program names -- that's it. Nothing more, nothing less. You can see contents of the text file here. Example:
ieupdates.exe
updaterie01.exe
fixieupdate.exe
DyFuCA
Internet Optimizer
STWSI
wsem210.dll
Based on that "database", I'd assume the scan engine does "dumb string scans". Not much of an anti-adware/spyware program, eh?
Here's where the conflict of interest lies -- couple of days ago I got into a massive DollarRevenue infestation myself, all started by executing two old DollarRevenue files from my malware archive, and ended up with something like 43 adware/spyware/malware programs on my virtual machine. Among those programs were two apps I hadn't seen before from -- you guessed it -- from the same company that makes AdwareFinder, EngageMARKETING. I had their EngageSideBar and their Contextual Toolbar installed with no notice or consent. Never mind that the Contextual Toolbar page also has the NAI logo.
Here's what EngageMARKETING says about themselves.
engageMARKETING provides valuable software programs and comparison shopping tools free in exchange for occasionally displaying contextually relevant advertising based on real-time online behavior. Not to be confused with spyware, engageMARKETING protects user privacy at all times, never profiling users or tracking personally identifiable information.
EngageMARKETING's products may not be spyware, but it was installed by spyware and with spyware. Along with the Engage apps, I managed to have DollarRevenue, Look2Me, Qoologic, TagAsaurus, RegiFast, SurfSideKick, ZenoTecnico, NewDotNet, (links to information at AV and anti-spyware sites) various trojan downloaders, password stealers -- an ugly mess.
So, here we have a company selling an essentially useless anti-adware program and allowing it *and* their adware programs to be bundled with spyware downloaded through exploits, installing silently with no notice and consent.
Who is behind this mess? It's hard to say. The engageMARKETING website shows:
Engage Marketing
Corporate Headquarters:
Jr. Quito 2379 - Jesus Maria - Lima – Peru
info@engagemarketing.com
The domain registration whois info doesn't help as the domain is registered through Moniker Privacy Services. Adwarefinder.com shows an address in San Francisco and the name Internet Revenue Services, Inc., which is found in the California Corporations database.
One has to wonder what these people are thing and if the NAI is aware of what's really going on with the company, or if the company is really a member of the NAI, in fact. In looking at the list of members, I don't see EngageMARKETING on the list. Hmm... I may have more on this later.
June 27 update: I contacted NAI regarding the claims on the adwarefinder and contextual toolbar pages and received a reply that EngageMARKETING is not a member of NAI. NAI also found a address and phone number, supposedly for Engage's legal department, in Napperville, IL. but when they called the phone number, the person who answered claimed they never heard of the company or the web sites. Not surprising.