IP Democracy: Print This

IP Democracy: Must-Read: The Nasty Business of Spyware

Business Week has as its cover story today a fascinating and slightly frightening examination of former spyware leader Direct Revenue. This in-depth investigation of the shameless company, which downloaded without clear user understanding damaging spyware onto millions of computers, provides a scary look into the economics of the web-based direct ad revenue business.

The company, located in a loft above a clothing boutique in New York’s hip SoHo district, has been a pioneer in a seamy corner of the booming Net advertising industry. Although it is small by some corporate standards, having generated sales of about $100 million since its start in 2002, its programs have burrowed into nearly 100 million computers and produced billions of pop-up ads.

It’s no surprise that NY Attorney General Eliot Spitzer filed suit against Direct Revenue in April for fraudently installing spyware programs on millions of computers with the users’ consent. Not only did Direct Revenue surreptiously install software, it also allegedly knocked out the software of rival ad programs by using code developed by a team of stealth programmers called “Dark Arts.”

The team called itself Dark Arts after the term for evil magic in the Harry Potter series. One of the biggest threats Dark Arts addressed came from competing software. The presence of multiple spyware programs can so cripple a computer that no ads manage to get seen.

Dark Arts crafted software “torpedoes” that blasted rival spyware off computers’ hard drives. Competitors aimed similar weapons back at Direct Revenue’s software, but few could match the wizardry of Dark Arts.

Moreover, company executives relied on a dense, 7-page user agreement that most users never saw to justify this interference, saying the agreement was a “lawyer-approved license to kill.”

[Company CEO Joshua] Abram presented the new agreement to his troops with an impudence befitting the Dark Arts crew. “It’s a lawyer-approved license to kill,” the CEO said in a February, 2004, e-mail. He urged some restraint because at the time potential investors were examining the company: “I would think twice about going too aggressively on the offense during [due] diligence.” But he added: “Obviously, if we find someone is slaughtering us in the interim, we should not wait to counter.”

What is even more stomach-churning is that Direct Revenue had some blue-chip investors (including Insight Venture Partners, which pumped $27 million into the company) and some high-profile clients, including JPMorgan Chase, Delta, and Vonage. But users were nothing short than enraged by Direct Revenue’s tactics, sending death threats and profanity-laced emails to the company.

Sifting through a stack of customer complaints in June, 2005, a Direct Revenue employee decided to tally the most frequently used words of aggression: “die” (103 times), “f———” (44), and “kill” (15). Douglas Kee, then Direct Revenue’s chief of quality assurance (QA), ribbed colleagues in an e-mail that with all the death threats, it was a “good thing QA sits farthest away from the entrance.”

Posted by Cynthia Brumfield on July 10, 2006 9:44 AM to IP Democracy