EDITOR’S NOTE: The latest assault on the computing public seeks not to destroy but rather to suck processing power and exploit like a greedy parasite. This is the last story in a two-part series on the spyware epidemic and how to fight it.
NEW YORK — In less than two years, CoolWebSearch has become the bane of the computing industry.
Its programmers have managed to reset Web browsers so that searches get rerouted to the Cool Web Search engine. And any time anti-spyware engineers find a way to stop the hijacking, a new variant pops up, sneakier than its predecessor. There are now dozens.
“It’s a cat-and-mouse game almost,” said Tim Bryan, an InterMute Inc. software developer in charge of fighting CoolWebSearch.
There are less pernicious forms of spyware, of course. And there’s what’s more properly termed adware because many such programs don’t actually harvest data from users. Adware is often produced by larger companies, one of which even briefly planned an initial public offering.
CoolWebSearch and its ilk are what’s most troublesome because they are so stealthy. Investigators are apparently stymied. In its anti-spyware efforts, the Federal Trade Commission has so far managed to file only one lawsuit — against an American, and in a case unconnected to Cool Web.
The Cool Web network, anyway, seems to be foreign. Its domain name is registered to a post office box in the British Virgin Islands and its owner listed as InterWeb Solutions Inc. However, a Web hosting company in Buffalo, N.Y., that goes by that name said it had no ties whatsoever.
“They stole our name and are dragging our business down,” InterWeb owner Marta Clark said. “We don’t even know who these guys are.”
Efforts to reach Cool Web officials by phone and e-mail were unavailing.
Cool Web appears to make money from Web sites that pay to get listed, sites with such names as “Knock Out Debt.” Affiliates, registered in Belarus, Russia and other countries, get a 50 percent commission for referring traffic to the search engine.
Other spyware developers have similar arrangements — they may pay affiliates a nickel or even a dollar for every software installation, said Dave Methvin, chief technology officer at PC Pitstop, a computer diagnostic site.
“These guys install (spyware) on tens of millions of systems,” he said. “The nickels start to add up.”
On its Web site, Cool Web Search denies creating the tools that hijack the computers of the unwitting, shifting blame to affiliates. It claims it does not condone such activity yet its posted terms with affiliates do not bar the practice.
The technology, meanwhile, has stumped experts.
The first few variants were easy to detect and remove. They got progressively tougher, and one Dutchman who made fighting CoolWebSearch his mission finally gave up and went back to school full-time. In mid-October, he sold his technology, CWShredder, to InterMute, which now has four engineers devoted to the battle.
“These are talented people that are at work here,” Ross Dreyer, InterMute’s director of engineering, said of spyware coders.
Not everyone in the business is quite so adept.
In the U.S. spyware case, filed by the FTC last month, officials say the defendants tried to hide from investigators by redirecting traffic through several different servers.
“It’s almost like rapid fire,” said Laura Sullivan, the lead attorney in the case. “Your computer is connecting on so many different levels to so many different servers.”
Officials allege that Sanford Wallace and his companies tried to sell anti-spyware software by working as an affiliate of a real vendor. They say the pitches came as pop-up ads delivered by spyware that he’d put on the computer in the first place.
Wallace has denied the allegations, saying on his Web site that he is no more than a webmaster. He did not respond to phone and fax messages for this story, though he previously told The Associated Press that federal regulators were politically motivated in targeting him, given his controversial past as a purveyor of junk e-mail.
Some big names, meanwhile, are behind adware. Companies including Netflix Inc. and Orbitz LLC employ it to run ads, though they won’t provide details.
Cendant Corp. and FTD.com Inc. have also been customers of Claria Corp., according to a since-withdrawn IPO filing; Officials of those companies did not respond to AP requests for comment. Dell, which blames spyware and adware for 15 percent of help desk calls, even briefly used it, though the company blamed a U.K. affiliate it then dropped.
Many of these adware companies, though, have improved their practices in response to consumer complaints.
Anti-spyware vendor Aluria Software LLC even recently declared one, WhenU.com Inc., to be spyware-free after it stopped using a technique for embedding code in a pop-up ad or Web site that automatically launched installation.
Aluria, which powers America Online Inc.’s anti-spyware tool, still counts programs from Claria and 180solutions Inc. as questionable.
Todd Sawicki, 180solution’s senior director of marketing, says his company has listened to customers and made its software easier to remove. It has also consolidated distribution, to avoid reliance on third-party distributors that might not do as good a job at seeking consent, Sawicki said.
Claria, formerly known as Gator Corp., did not respond to interview requests but issued a statement saying it does not engage in “disguise, deceit, or deception.” The company said users typically see three to six screens when downloading its program that outline the product, removal information and the value exchange for free games and other software.
Among Claria’s partners is Yahoo Inc., which provides search listings for Claria’s SearchScout toolbar. At the same time, Yahoo offers an anti-spyware tool powered by PestPatrol, which lists Claria products in its “Pest Encyclopedia.”
In response to an AP query on its relationship with Claria, Yahoo said that it carefully screens partners to make sure they “adhere to high standards of notice, privacy and ease of removal.”
AP Investigative Researcher Randy Herschaft contributed to this report.