Interview With An Adware Author


Philosecurity has an interview with [Matt Knox], a former coder for Direct Revenue, an adware company which was sued in 2006 by New York governor Eliot Spitzer. The interview contains some interesting details of how the adware code worked internally: it created a Browser Helper Object, then ensured that the Browser Helper Object stayed up by creating a poller to check every ten seconds and regenerate the Browser Helper Object if it had stopped running. The poller ingeniously masked itself partly by exploiting Windows’ Create Remote Thread function to run itself as a series of threads instead of as an executable.

The truly fascinating bit of the interview is how [Knox] defies your initial suspicion that he’s a complete scumbag; he started off writing spam filtering software, was hired by Direct Revenue to do traffic analysis, started writing tiny bits of code to improve the adware, and eventually wound up knee-deep in the code.  [Knox] notes that you can get ordinary people to do incredibly distasteful things if you break those things into small enough chunks and introduce them gradually.

[via Waxy]

[photo: xcaballe]

41 thoughts on “Interview With An Adware Author

  1. I’m with bigd, he can make as many excuses as he likes. if you’re a developer, then you certainly know what adware is, and you would know if you were working for an adware company.


  2. Yeah like you guys never did something you didn’t want to do for money. If you work at some burger joint, and your manager tell you to clean the toilets, you’ll be cleaning those toilets damn right.

    Its the same thing, just with code instead of shit.

  3. Not the same thing. This guy went around and dirtied those toilets just so you could clean them. he ate extra spicy chilidog with velvetta on top and then aimed for the floor, walls, and ceiling.

    He saw the path, walked down it, and even planted poisonous mushrooms and thistles all the way down.

  4. As if anyone here is regularly inconvenienced by adware/spyware/viruses. Bah. I state that if you are not equal to avoiding/handling this malware that you have much more experience to gain before you can call yourself competent.

    I frequently end up removing this software from people’s computers, and usually I just encourage a backup and reinstall approach, at which point I create an image of the clean system, and create a DVD. Reimaging usually takes 10 – 30 minutes. My goodness, such a trouble…

    Here’s the solution: Linux – Firefox – Noscirpt, and oh yeah and don’t download files that are obviously borked.

    Though I do love this one line, “I actually believe that if you sum up everything I did it comes out positive, if only because I kicked off an awful lot more adware than I installed.” I lolled a lot. Yeah I don’t buy that at all, but I do think it’s really funny.

    Would I do it? If I was broke and it was do it or go hungry/lose my home, yeah, you bet I would.

  5. I for one, support the guy and his efforts. It’s people like him that keep people like me with nice, easy side work for spending money. Well, people like him and the people who don’t know how to use computers.

    I bet his main pc is a mac :D

  6. If someone pays me to write nasty but legal code, why should I give a shit. Since when did Software developers have any moral responsibility? Leave that to the plastic surgeons and the legal profession.

  7. With your average ITT grade engineer it’s usually wherever the finances take you..

    I did some stuff in ~2001 with the MS agent and user friendly interfaces. The threading part is the only thing remotely interesting here.

    The most sophisticated malware to date was rustock.c and the bulk of it’s hype was the packer it came in. It was spread through email attachments and did a lot of hooking and hiding in other drivers.

    That’s almost as good as malware gets without living in some volatile chip memory or becoming the host/kernel.

  8. That screen shot is epic! although i think that guy wins the douche bag of the year award, i would much rather be willing to strangle the dumb ass who asks me “whats wrong with my computer?”.

  9. if you get pwnt by that sort of crap, then you deserve to – darwin is alive and well and working his magic in cyberspace.

    but yeah, the guy’s a class a+ dickhead and should be made to walk the plank… and anybody who’d do the same should follow him. :-)

  10. @blizzard: the difference is, you go to work at a fast food joint to sell food to people that, though it might be a bit unhealthy, the customers generally *want*. To my knowledge, there are no malware/adware products created by companies that also write spreadsheet software or video games — if you go to work for a company and they have you writing adware, you pretty much knew they were an adware company when you took the job.

  11. Re: “[Knox] notes that you can get ordinary people to do incredibly distasteful things if you break those things into small enough chunks and introduce them gradually.”

    Anyone else reminded of the United States of America Corporation from Snow Crash? XD

  12. @ Coderer, you are forgetting that malware hides in smiley packages and “desktop assistants” and “deal search bars” Or Free porn bars.

    People Want those, you may have confused want with need.

  13. @nubie
    I challenge any adware company to distribute their software with the initial screen saying:
    “This software will produce popup advertisments at random times during browsing and send browsing information to our company and our affiliates. To continue, click next”

    See how many people “want” their software then. They are using a standard hacking technique – social engineering – to get inside the victim’s machine.

  14. For the record if doing this meant money, and not doing this meant no money+starving, then I would probably do it. It doesn’t break the law does it?

    Heck the guy is my hero for insuring my job security (or is that Microsoft IE insuring my job security?) If I had a job that is, I only do this freelance for acquaintances.

  15. @jpipesup

    The companies do distribute adware that says that on the initial page, you just have to be able to read in english (as well as actually read it, which is by all counts more difficult than being able to understand english.)

  16. I can understand why he did it, but it’s still wrong. Some people will kill and eat each other because they’re starving to death, but does that make cannibalism any less wrong?

  17. I love this guy, as well as the people who wrote “Win-Antivirus”. I pay for my schooling with the money I make removing this stuff from people’s machine. If they stopped making spyware/adware/malware/shitthatfucksupyourwindowsinstallware, then I’d be out of a job.

  18. If the pay was right I would have no problem writing adware so long as it is within the bounds of the law.

    Actually I have no reservations against the guys who right the ‘hard’ malware (viruses, worms, trojans…) either. Just think, if self-propagating worms didn’t exist, we would have as secure networks as we do today?

  19. If you’re sending this guy to the gallows, then send anyone who ever made a commercial or has orchestrated product placement in movies/TV. Lynch tho people who pay schools (fer crying out loud) to promote their product for a week. Ever hear about that kid getting suspended for wearing a pepsi t-shirt during coca-cola week?

    People don’t read. That’s why they get spyware and other malicious code. Don’t hang this guy, thank him! Not just for the work opportunities, but for waking up a world of youth to the risks and responsibilty that go with technology!

    People who judge this man harshly have never done anything wrong and we should appoint you as leaders of the human race, effective immediately.

    He didn’t install it on anybody’s computer except his own. Same goes for lusers.

  20. low pro:

    But! BuT!! I WANT big brother to take care of EVERYTHING for me so that my only responsibility in life is to be mindlessly entertained with out any responsibility at all!!!
    /sarcasm off.

    Your point is perfectly reasonable, but the sad truth is that we have a world of societies built on self-worth deficient individuals, seeking anything and everything that makes them look/feel valid, smart, capable, attractive or entertained/entertaining.

    I think the english had a name for it: “quiet desperation” To me this means that many live in a state of self denial and make subtly trendy attempts at fitting in to a construct they don’t even like so that they can feel worthy of existing.

    Some times I think that is what separates the hackers/technologists from the average human; they’re finding their own ways to be entertained, rather than delving in to a world of circumstance created by the “elite” who own/run everything else.

    So what is hacking?
    Perhaps it is the ability to read, write and make decisions for one’s self, rather than for a facade of social integration?

  21. I’ve found it worrying that the information on spyware and virus problems has not been keeping up with the danger. It seems like several years since spy ware or virus software gained from any awareness greatly. I wonder if that’s the reason why problems continue and folks are falling victim to viruses and spyware.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.