Featured Research

Advertisers Using WhenU

WhenU Violates Own Privacy Policy

WhenU Spams Google, Breaks "No Cloaking" Rules

Documentation of Gator Advertisements and Targeting

"Spyware": Research, Testing, Legislation, and Suits

Introducing the Automatic Spyware Advertising Tester

May 21, 2007


I've repeatedly shown how spyware programs claim commissions from affiliate merchants. If spyware programs and their affiliates truthfully labeled the resulting traffic as coming from spyware, networks and merchants could reject that traffic -- avoiding showing merchants' sites in unwanted pop-ups, and refusing to pay commissions on any sales that result. But in practice, spyware affiliates' traffic is not labeled as such, and is therefore hard to separate from legitimate affiliates. With hundreds of different affiliates reselling spyware-originating traffic, even the most determined merchants face difficulty in finding all their bad affiliates.

In How Affiliate Programs Fund Spyware (September 2005), I offered one way merchants and networks can uncover spyware-using affiliates: Hands-on testing. Infect a set of computers (or virtual machines) with spyware, browse the web, and track what happens. If an affiliate is found buying spyware traffic, then punish that affiliate by refusing to pay it commissions it purportedly "earned," or even by demanding repayment of prior-period commissions.

For more than three years, I've run extensive hands-on tests of spyware programs, in large part to observe and record what ads were shown. But as I take on new obligations, hands-on testing becomes infeasible.

Earlier this year, I wrote a program I call the "Automatic Spyware Advertising Tester" ("AutoTester"). On a set of virtual machines infected with a variety of spyware, the AutoTester browses a set of test scenarios -- viewing web pages, running searches, and even adding items to shopping carts at retailers' sites. The AutoTester keeps a full log of what happens -- including a video of what pop-ups appear, and a packet log of what network transmissions occur. If the AutoTester observes any improper traffic (such as an unexpected and unrequested affiliate link), it records that event in a log file, and it tags the video and packet log accordingly.

The AutoTester has already proven helpful for finding bad affiliates (like the six affiliates I present in today's Spyware Still Cheating Merchants and Legitimate Affiliates, among dozens of others). But the AutoTester can equally well detect other kinds of advertising fraud. I've recently used the AutoTester to record widespread click fraud against "second-tier" PPC vendors, and to monitor the sequences of redirects behind syndicated display advertising. The AutoTester can even test for cookie-stuffing. So it's a handy addition to my toolkit and an efficient way to reduce time-consuming hands-on tests. Look for more automatically-generated reports in the future.

US patent pending.