Yahoo Sued For Spyware-Driven Click Fraud

The lawsuit, filed by Crafts by Veronica, charges that Yahoo and its New Jersey affiliates put ads in spyware, then charged advertisers for the click-throughs.

Thomas Claburn, Editor at Large, Enterprise Mobility

May 4, 2006

12 Min Read
InformationWeek logo in a gray background | InformationWeek

In This Issue:
1. Editor's Note: Blue Security Shoots Itself, And Thousands Of Other People, In The Foot
2. Today's Top Story
    - Yahoo Sued For Spyware-Driven Click Fraud
3. Breaking News
    - Microsoft Investment Hike To Continue: Ballmer
    - Philadelphia Counts Down To Citywide Wireless
    - Brief: AOL's AIM Users To Get A Free Phone Number
    - Sun Readies Java EE 5 For Launch
    - Moscow Wi-Fi Network To Reach 4 Million Homes
    - Cyberspace Running Out Of Addresses: Report
    - Original Star Wars Films Land On DVD
    - IT, Communications Spending In China Soars
    - Brief: Nintendo To Launch DS Lite Device In U.S.
    - Tech Terms Baffle Most U.S. Adults: Poll
4. Grab Bag: News You Need From Around The Web
    - Judges Challenge Internet Wiretap Rules (Yahoo News)
    - House Panel Calls For Broader Gambling Ban (InternetNews.com)
    - Electric Car Faster Than Ferrari Or Porsche (Business 2.0)
5. In Depth: Security
    - Microsoft: Users May Have To Prove Legal Windows Use
    - Security Threats Rising For Apple Macs, Report Shows
    - Blue Security Shifted Attack, Brought Down Blogs
    - Blue Security Denies It's At Fault In Blog Outage
    - Microsoft Plans Three Patches This Week
    - McAfee Launches VirusScan For Mactel
6. Voice Of Authority
    - Open Source: Who Takes But Doesn't Give Back?
7. White Papers
    - 9 Steps To Building A B2B Business Case
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote of the day:
"Under certain circumstances, profanity provides a relief denied even to prayer." -- Mark Twain


1. Editor's Note: Blue Security Shoots Itself, And Thousands Of Other People, In The Foot

When an outfit called Blue Security launched a service to go after spammers with vigilante justice, any idiot could've foreseen big problems.

In fact, an idiot did.

It wasn't a tough prediction to make. Vigilante justice is always a bad idea because it often results in innocent people getting hurt. And that's what happened, as a spammer's counterattack against Blue Security brought down thousands of blogs worldwide.

Blue Security's business model is to identify spammers and launch denial-of-service attacks against them. E-mail users sign up for the Blue Security service. Every time a Blue Security-protected E-mail account gets a spam message, Blue Security sends an unsubscribe request to the sender's site. Not just one unsubscribe request—it peppers the sender with multiple requests for every single spam message received.

The plan is that eventually the spammers will have to stop sending their spam because every single spam message will result in stepping up the DoS attack on the originating site. (Blue Security denies it's a DoS attack, but of course it is.)

Blue Security's business model is certainly tempting. Spammers are sleazy, low-life thieves, stealing time and computing resources from honest working people like you and me. Technology is only partly effective at stopping them, and laws like the United States' CAN-SPAM Act are a joke.

Still, vigilante justice isn't the answer, because when victims resort to vigilante justice, innocent people get hurt.

And that's what happened. According to a report from TechWeb.com, a spammer launched a denial-of-service attack against Blue Security's Web site. Blue Security redirected the DNS address for that Web site to Blue Security's blog.

The problem: Blue Security's blog is hosted by a third-party service run by Six Apart, and Blue Security didn't even notify Six Apart, let alone get permission.

The redirected DoS attack against Blue Security brought down Six Apart's popular TypePad and LiveJournal blogging services. That brought down thousands and thousands of blogs around the world (including, by the way, my personal blog).

Blue Security denies it's to blame.

This isn't exactly what I predicted back in July. Back then, I predicted that Blue Security itself would start aiming its DoS attacks against innocent parties whom Blue Security thought, erroneously, were spammers.

What happened here is that innocent parties—Six Apart and its customers—got caught in the crossfire between Blue Security and a spammer. That's another common problem with vigilante justice: Innocent people get stuck in the middle.

Or, as one observer put it: "If my couch is on fire, I don't push it out of my house and into my neighbor's."

Spam is a problem, but Blue Security isn't helping solve the problem. It's only making it worse.

What do you think? Is Blue Security justified in trying to strike back at spammers? Leave a comment on this post on the InformationWeek Weblog and let us know.

Mitch Wagner
[email protected]
www.informationweek.com


2. Today's Top Story

Yahoo Sued For Spyware-Driven Click Fraud
The lawsuit, filed by Crafts by Veronica, charges that Yahoo and its New Jersey affiliates put ads in spyware, then charged advertisers for the click-throughs.


3. Breaking News

Microsoft Investment Hike To Continue: Ballmer
The company's R&D plans for MSN and software services are on track, Microsoft CEO Steve Ballmer says, despite the shocked reaction the plan is receiving on Wall Street.

Philadelphia Counts Down To Citywide Wireless
The build-out of Philadelphia's citywide wireless mesh network could start as soon as early June, with the first phase completed by the end of the summer.

Brief: AOL's AIM Users To Get A Free Phone Number
The phone number would compete with eBay's Skype VoIP service, which charges $4 for a number.

Sun Readies Java EE 5 For Launch
This week's community process launch lays the groundwork for what Sun is calling the most significant update to the corporate version of the development platform in more than five years.

Moscow Wi-Fi Network To Reach 4 Million Homes
The mesh network will use 5,000 access points. Tests are scheduled to be finished this summer.

Cyberspace Running Out Of Addresses: Report
By 2012, Frost & Sullivan says, the Web will be out of IPv4 addresses. It may be time to consider migrating to IPv6, according to the consultancy.

Original Star Wars Films Land On DVD
The original theatrical versions of the first three movies are coming to DVD in stores September 12.

IT, Communications Spending In China Soars
While global spending on tech will grow by 6% this year, it will rocket by 21% in China, a new study predicts.

Brief: Nintendo To Launch DS Lite Device In U.S.
Already available in Japan, Nintendo has confirmed it will launch the portable game player in the U.S. on June 11.

Tech Terms Baffle Most U.S. Adults: Poll
The latest tech buzzwords, such as RSS and VoIP, are little more than gobbledygook to more than half of American adults.

All Our Latest News

Watch The News Show

In this edition:

John Soat With 'Eye On IT'
The FTC goes after data brokers, the man known as the "Spam King" gets fined, Wal-Mart plans to sell build-your-own PCs, and more.

Stephanie Stahl With 'John Chambers, Part 2'
Cisco CEO Chambers discusses intelligent information networks. He says more functionality will move into the network.

Sacha Lecca With 'Robot Furniture'
Check out this video of a chair that rebuilds itself if broken. You've got to see it to believe it.


----- The latest research, polls, and tools -----
IT Salary Adviser--Benchmark Your Pay
Learn how your pay compares to that of your peers with our free and confidential online tool. Featuring more than 20 job functions and tracking IT compensation across 20 metropolitan areas, InformationWeek Research's 2006 IT Salary Adviser makes it easy to compare your salary and compensation.

Do You Access Our Content From A BlackBerry Or Treo?
Many of our readers do, and we want to ensure that you get the best experience in using our content. So we've created a PDA-friendly version of our news content, with similarly streamlined content pages, to make your PDA experience a good one. Check out our latest enhancement.
-----------------------------------------


4. Grab Bag: News You Need From Around The Web

Judges Challenge Internet Wiretap Rules (Yahoo News)
A U.S. appeals panel sharply challenged the Bush administration over new rules making it easier for police and the FBI to wiretap Internet phone calls. A judge said the government's courtroom arguments were "gobbledygook."

House Panel Calls For Broader Gambling Ban (InternetNews.com)
A House subcommittee has approved legislation banning all forms of online gambling in the United States.

Electric Car Faster Than Ferrari Or Porsche (Business 2.0)
Silicon Valley's big brains think they can beat Detroit and Tokyo and save the planet—all while doing 0 to 60 faster than almost anything on the road.


5. In Depth: Security

Security Threats Rising For Apple Macs, Report Shows
The number of Mac threats is increasing at triple the rate of Windows infections, according to a study.

Blue Security Shifted Attack, Brought Down Blogs
This is a wild tale of a denial-of-service attack, allegedly orchestrated by a big-time spammer against an anti-spam security company that brought down a blogging site.

Blue Security Denies It's At Fault In Blog Outage
In another twist to this tale of denial-of-service attacks, spammers, and anti-spam security, the CEO of one security firm staunchly defends his company.

Microsoft Plans Three Patches This Week
Two of the trio affect Windows, while the third will resolve one or more issues in the Microsoft Exchange mail server software.

Microsoft: Users May Have To Prove Legal Windows Use
Microsoft is piloting an opt-in notification service for its Windows Genuine Advantage online verification program in the U.S., which may make it mandatory for users to get Automatic Update or Windows Update Rights.

McAfee Launches VirusScan For Mactel
McAfee released a report claiming a huge increase in Apple vulnerabilities, and then followed that up with an anti-virus product for Intel-based Macs.


6. Voice Of Authority

Open Source: Who Takes But Doesn't Give Back?
Charles Babcock says: Do the companies that benefit the most from open-source code give anything back to the community? That's a provocative question that comes up when you take a close look at how prominent open-source projects actually work. I don't want to point any fingers, but what about the banks and financial services firms? How much do they give back?


7. White Papers

9 Steps To Building A B2B Business Case
Get executive approval for your B2B initiatives with this guide. Learn how to create a compelling business case by following these nine steps to quickly secure funding and executive approval, as well as maximize success.


8. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.


9. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
[email protected]

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2006 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights