The Rebirth Of Integrated Search Technologies (ISTBar/Slotch/et al)

March 12, 2007 Filed under: Adware, Affiliate Marketing — Kellie AFP @ 12:39 pm

And the award for the best rebranding of a company goes to……Media Traffic. It’s not just a renaming of a company, but also a shift in their business model. Where the Integrated Search Technologies (IST) products were toolbars, Media Traffic appears to be looking to become a direct contender with Zango.

Media Traffic’s current adware applications, Vomba and SurfAccuracy, are contextual pop-up applications, like Zango. They allow advertisers to bid and buy CPV (cost per view) inventory based on triggers (keywords, URLs, searches) like Zango. Their adware is currently being distributed across the Vomba Content Network, where end users get access to things such as free screensavers in exchange for installing the Vomba adware. Once more like Zango. We’ll get more into the distribution of Vomba in just a bit.

The History

Before we go any further, we need to step back in time and take a look at IST and their activiites. Integrated Search Technologies had several adware applications including ISTBar, Slotch, SideFind, YourSiteBar and xxxToolbar. IST had a long history within security circles for the dubious installation practices and security issues of their various products as well as installing numerous other adware applications stealthily through their own adware (see the above links to search results for each adware application). Tactics ran the gamet from server hacks to install the software to security exploits. The Center for Democracy and Technology filed a complaint regarding IST’s installation practices. CIPPIC (Canadian Internet Policy and Public Interest Clinic) filed a similar complaint with both the FTC and Competition Bureau. In October of 2005, Zango announced they were terminating their distribution relationship with IST over ActiveX installation practices of the 180Solutions software. These are just a few examples the issues well documented in the past regarding IST’s practices and products.

Has IST given up completely on the adware under the IST umbrella? Maybe not appears to be the answer.

SlotchBar InstallThis is a sceenshot (click image to enlarge) taken from an installation video I made on March 7, 2007 (full documentation on file). The web site I captured this from is owned by Integrated Search Technologies. I’ve blurred out all references to the domain since an installation automatically starts and I know someone would go to the link just to see. Again, just loading the URL into the browser causes the installation to begin. I have yet to actually click on the “Install” button in the dialogue box, but you will see the message in the browser’s status bar I’ve circled in red stating “Installing components…..” I doubt many would consider this a friendly installation. It is exactly the type of behavior that IST has been heavily criticized for in the past. In fact, the flash image behind the dialogue window outlining the steps to take to install around XP SP2 security features is “advertising” IST has also been criticized for as deceptive to the end user.

Did Slotch toolbar fully install during this test? It appears it didn’t. But a cab file definitely did install which contained a .dll file. The screen shot below shows IST Install Class file in the Download Program Files post installation.

IST HijackThis  

It would seem that if IST had indeed completely abandoned the IST software, in favor of the software now being distributed under MediaTraffic, that ActiveX installation techniques would be taken off their sites and any installation files would be removed from their server. This is not the case. What is the point of continuing to install any files on the end users computer? Without much difficulty we were also able to find other sites which yielded very similar installations.

The Connection

Are Integrated Search Technologies and MediaTraffic the same people? The connections isn’t to hard to make. A quick Whois search gives you the following:

MediaTraffic Whois  
IST Whois

The Whois information looks the same to me. And it is the same information I have from a Media Traffic business card I picked up at Affiliate Summit. While the domains are on different IP addresses, both IP’s are within a Net Range registered to GammaEntertainment, which appears to be the true incorporated company over the other company names which are operated under. Whois History records also show the web site having as Name Servers in the past. Whois History records also show web site having as Name Servers in the past.

More intesting is that the first record in Whois for showing Media Traffic Agency as the Registrant is June of 2005. This would be around the same time that criticism of IST was coming to a head. The last updated Whois record for was also June of 2005.

Reborn and Reformed?

Did IST see the errors of their ways when the brown stuff really started hitting the fan and reform under the name of Media Traffic? Is MediaTraffic intending to make a new start of it and play nicely in the world of adware? Or were the changes more about establishing a new identity once your reputation has become soiled? There have certainly been other companies who have undergone name changes when their reputations have become less than stellar. Those are all questions that only time will probably tell.

Regardless of their motivations, past history does, and should, go to the question of the business philosophy of a company and what practices they may or may not be willing to engage in. How has Media Traffic behaved under that company name?

The first application they came out with under Media Traffic umbrella was SurfAccuracy. A quick review of the search results of SurfAccuracy doesn’t show the brightest picture. The software is flagged by numerous security companies, there are reports of dubious installations and even reports of keyword logging of the terms used by consumers when they perform searches. The SurfAccuracy software is still active and available for download from at least their web site.

But SurfAccuracy is not the software being proclaimed on the Media Traffic web site any longer. It’s their Vomba software and their Vomba Network of content sites where the software is distributed. In fact SurfAccuracy software isn’t even metioned anymore on the Media Traffic site. Did Media Traffic develop completely different application (Vomba) as the reputation of SurfAccuracy became tarnished and flagged by security companies? Actually, no. It doesn’t appear so.

Rather it appears they just tweaked the SurfAccuracy software and rebranded it as Vomba. Below are two screen shots taken from my packet logs. These are from the calls the software sends out to Media Traffic in preparation to deliver a pop-up through the software. I’ve blurred out the information that isn’t relevant to the point being made.

SAC sniffer

You will notice the Host is and the User-Agent is SAcc (denoting SurfAccuracy). The sac (again abbreviations denoting SurfAccuracy) is 799 and the ver (verison) is 1190.

Vomba Sniffer

Here the Host is and the User-Agent is Vomba. The sac (again abbreviations denoting SurfAccuracy) is 999 and the ver (verison) is 1020000.

We should also mention that while we show different Hosts for the different software calls to their servers, our logs indicate the same IP address. What we appear to have is the same software only running under different verisons. Then there is the VombaCash web site which is supposed to be coming sometime this month (March 2007).

If you go to

While Media Traffic makes no references to SurfAccuracy or IST on their web site (I don’t think I can blame them for doing that), they do make a point about the ethics of their network. The Media Traffic web site states (bolding by me):

Vomba Network does not collect any user identifiable information nor does it collect any browsing or purchasing history.

They may not collect all browsing by the end user, but they definitely collect some browsing. Part of the POST information that goes back the Media Traffic servers every time the end user visits a page that could possibly trigger a pop is a domain and URL parameter. These two parameters combined are the full URL of the page currently being visited by the end user. This information is passed even when the Media Traffic servers come back with the command that there are currently no pop-ups to show. I call that collecting browsing history, at least in part.

They further state (again bolding by me):

Leading the industry in ethical distribution, Vomba Network creates, hosts and distributes its own products eliminating third-party distributors.

Now this certainly seems like a step in the right direction, especially considering the past history regarding installations of all the IST products and Surf Accuracy. But when we head over to Vomba Network, we find this greeting us on the front page:

Webmasters can offer great content to their Visitors and even generate revenues from the distribution of the Vomba promoted content with Vomba.

What??? I thought they had eliminated third-party distributors. Maybe they don’t call that third-party distribution?  If you visit any of their own content web sites where Vomba is distributed, such as Vomba, you’ll find a link for “Affiliates” in the footer that links to VombaCash. Ok..maybe they are just planning on having banners through their affiliate program that link to Vomba owned web sites. But the part above about webmasters offering great content to their visitors has me wondering. Maybe some would consider a link to Vomba on their site adding great content, but so would having the actual content (such as the bundled screensaver) to offer up on your web site. That seems more in lines with providing webmasters with content. And that brings us right back to third party distribution. Something the folks over at Media Traffic haven’t exhibited a great deal of success controlling in the past.

There is at least one company evidently believes Media Traffic has reformed their ways, TRUSTe.  TRUSTe has come under criticism themselves for some of the web sites they have certified for their Privacy Seal. Some may remember the questions raised by Ben’s report. Carolyn Hodge, from TRUSTe, then answered fourteen questions posed by Wayne Porter arising from the controversy. In her responses, Carolyn mentions the Download Certification program that was then in the development, which would look at and certify the actual downloaded software. This would be a rigorous process and would be separate from their Privacy Policy certification.  

The Download Certification Program is now in beta and TRUSTe released their first list of “white listed” applications. Vomba was one of the two adware applications white listed by TRUSTe. They are very specific in that it is Vomba which has received their certification. And the company given for the software is Vomba Network, Inc (not even Media Traffic).

But will consumers who see this seal make certain assumptions? The whole point of the certification is to assist consumers in feeling “safe” while on the Internet is it not? How would a consumer feel towards downloading and installing a Vomba screen saver if they were aware of the who “Vomba Network” really is and their past history and behavior with regards to downloadable software? How many consumers would then feel it was a “Trusted” download?

But maybe more to the point, the consumer has little to do with the true nature of the Download Certification Program. From the front page of the Download Certification area on TRUSTe:

Trusted Download is a whitelist for businesses to direct advertising dollars and distribution opportunities to downloadable desktop software which demonstrates informed consumer choice, doesn’t exhibit surreptitious activities and gives control to users.

The white list is a place for businesses to direct advertising dollars and distribution opportunities to downloadable desktop software. Ok, it’s about clearing an application for advertisers to market through. Yet I wonder, would advertisers also be interested in all the past history? Would it factor into media buy decision for advertisers who do care about such things?

Or should adverisers and consumers be aware that maybe TRUSTe doesn’t factor past behavior into their certification process, but only what they are concretely seeing at the present.

It does come down to whether or not you believe past behaviors have been reformed and Media Traffic is committed to change. I personally need more time and need to see more information coming out from security companies (or the lack of it).

Regardless, I still have strong issues with the Media Traffic model in general. I am far from impressed they are marketing their services (the contextual pop-up delivery) to affiliates. I have already documented and reported on several affiliates buying ad inventory through Media Traffic on the AFP Subscription Service. These involved affiliates targeting their Merchant partners’ domains (at times including the shopping cart URLs) and automatically invoking their affiliate tracking to garner a commission. This is behavior I will always oppose for those engaging in the practice and those facilitating it. This is probably a good reminder that those issuing “certifications” outside of our indusry may well have little bearing on what is acceptable or not withing our own Industry’s perception of Best Practices.


  1. […] Anyway, Kellie Stevens, president of, does a comprehensive job of sniffing out an adware giant that hasn’t gone away but simply rebranded itself. […]

    Pingback by RevenueToday » Head Space — March 27, 2007 @ 11:24 am

  2. […] Media Traffic’s contextual adware application, Vomba, has been delisted from TRUSTe’s White List of downloadable software. According to the announcement made on TRUSTe’s blog, the delisting was at the request of Media Traffic. It seems that Media Traffic decided it was not cost effective to maintain their certification, especially now that their affiliate program for Vomba installation is live. Part of the certification process involves demonstrating your distribution network is being compliant with installation methods. The TRUSTe blog also states that they were in the process of investigating how closely other companies under the same corporate umbrella were tied to Vomba and Media Traffic. Could they mean Integrated Search Technologies? […]

    Pingback by » Vomba (MediaTraffic) Delisted From TRUSTe White List — June 28, 2007 @ 2:18 pm

  3. Still engaged in weird online activity, where merchants report having their visitors redirected through affiliate links and then redirected back

    Comment by ppknight — April 19, 2010 @ 11:57 am

  4. Wow, that post failed to do the site any justice.

    Comment by Alton Valla — April 8, 2011 @ 6:24 pm

  5. Very interesting blog I must say. The words you say are generally right, but I do not agree on everything you write.
    I will be back to see what else you have to say and what the reaction of other people on your blog is. Keep up the good work.

    Comment by Margaret Wagenblast — January 22, 2012 @ 6:19 am

  6. I like it. I am hunting into diverse approach

    Comment by Sun Agni — May 6, 2012 @ 1:35 am

  7. It really is amazing to locate out that we’ve been even now reading via the other. Thank you for record myself! Cheers

    Comment by Spencer Thornbrough — May 15, 2012 @ 1:59 am

  8. By the way, specifically how ought to we keep in touch?

    Comment by Ethelyn Tumlin — July 19, 2012 @ 10:24 pm

  9. We even now do not comprehend that significantly Cheerleading Music Mix

    Comment by Aura Prust — July 20, 2012 @ 1:28 am

  10. This internet web site gives a lot of quite beneficial news into it!

    Comment by how to tighten your virgina — August 21, 2012 @ 11:51 pm

  11. Appreciate your taking the time to talk about this type of, I seriously knowledge strongly concerning it and luxuriate in learning on this subject.

    Comment by Curtis Strayer — September 14, 2012 @ 12:25 am

  12. can you thoughts modernizing your site with increased specifics? It’s extremely valuable for us.

    Comment by search engine journal — September 22, 2012 @ 5:53 am

  13. facts. I am just bookmarking and can be tweeting this precise so as to our fans! Wonderful weblog and great style and style.

    Comment by motor club — November 18, 2012 @ 6:03 am

  14. Thanks for this and right now I am conscious locating great issues later on

    Comment by Elektricien — January 17, 2013 @ 9:27 am

  15. We’ve applied to your existing blogroll and nevertheless have spot your switch on my tiny weblog facet

    Comment by Cleveland Carpet Cleaning — July 23, 2013 @ 5:36 pm

  16. My partner and i?meters gonna ubscribe for your nourish. Let me take pleasure in inside the occasion you proceed this in the future.

    Comment by shop at Sports Direct — August 8, 2013 @ 9:25 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>