• Share on FacebookTweet about this on TwitterShare on Google+Email this to someone

The Rebirth Of Integrated Search Technologies (ISTBar/Slotch/et al)

And the award for the best rebranding of a company goes to……Media Traffic. It’s not just a renaming of a company, but also a shift in their business model. Where the Integrated Search Technologies (IST) products were toolbars, Media Traffic appears to be looking to become a direct contender with Zango.

Media Traffic’s current adware applications, Vomba and SurfAccuracy, are contextual pop-up applications, like Zango. They allow advertisers to bid and buy CPV (cost per view) inventory based on triggers (keywords, URLs, searches) like Zango. Their adware is currently being distributed across the Vomba Content Network, where end-users get access to things such as free screensavers in exchange for installing the Vomba adware. Once more like Zango. We’ll get more into the distribution of Vomba in just a bit.

The History

Before we go any further, we need to step back in time and take a look at IST and their activiites. Integrated Search Technologies had several adware applications including ISTBar, Slotch, SideFind, YourSiteBar and xxxToolbar. IST had a long history within security circles for the dubious installation practices and security issues of their various products as well as installing numerous other adware applications stealthily through their own adware (see the above links to search results for each adware application). Tactics ran the gamet from server hacks to install the software to security exploits. The Center for Democracy and Technology filed a complaint regarding IST’s installation practices. CIPPIC (Canadian Internet Policy and Public Interest Clinic) filed a similar complaint with both the FTC and Competition Bureau. In October of 2005, Zango announced they were terminating their distribution relationship with IST over ActiveX installation practices of the 180Solutions software. These are just a few examples the issues well documented in the past regarding IST’s practices and products.

ISTBar Installation

Has IST given up completely on the adware under the IST umbrella? Maybe not appears to be the answer. This is a sceenshot (click image to enlarge) taken from an installation video I made on March 7, 2007 (full documentation on file). The web site I captured this from is owned by Integrated Search Technologies. I’ve blurred out all references to the domain since an installation automatically starts and I know someone would go to the link just to see. Again, just loading the URL into the browser causes the installation to begin. I have yet to actually click on the “Install” button in the dialogue box, but you will see the message in the browser’s status bar I’ve circled in red stating “Installing components…..” I doubt many would consider this a friendly installation. It is exactly the type of behavior that IST has been heavily criticized for in the past. In fact, the flash image behind the dialogue window outlining the steps to take to install around XP SP2 security features is “advertising” IST has also been criticized for being deceptive to the end user. Did Slotch toolbar fully install during this test? It appears it didn’t. But a cab file definitely did install which contained a .dll file. The screen shot below shows IST Install Class file in the Download Program Files post installation.

ISTBar HijackThis

It would seem that if IST had indeed completely abandoned the IST software, in favor of the software now being distributed under MediaTraffic, that ActiveX installation techniques would be taken off their sites and any installation files would be removed from their server. This is not the case. What is the point of continuing to install any files on the end users computer? Without much difficulty we were also able to find other sites which yielded very similar installations.

The Connection

Are Integrated Search Technologies and MediaTraffic the same people? The connections aren’t hard to make. A quick Whois search gives you the following:

IST Whois

MeidaTraffic Whois

The Whois information looks the same to me. And it is the same information I have from a MediaTraffic business card I picked up at Affiliate Summit. While the domains are on different IP addresses, both IP’s are within a Net Range registered to GammaEntertainment, which appears to be the true incorporated company over the other company names which are operated under. Whois History records also show the MediaTraffic.com web site having GammaNetworking.com as Name Servers in the past. Whois History records also show IntegratedSearchTechnologies.com web site having GammE.com as Name Servers in the past. More intesting is that the first record in Whois for MediaTraffic.com showing Media Traffic Agency as the Registrant is June of 2005. This would be around the same time that criticism of IST was coming to a head. The last updated Whois record for IntegratedSearchTechnologies.com was also June of 2005.

Reborn and Reformed?

Did IST see the errors of their ways when the brown stuff really started hitting the fan and reform under the name of MediaTraffic? Is MediaTraffic intending to make a new start of it and play nicely in the world of adware? Or were the changes more about establishing a new identity once your reputation has become soiled? There have certainly been other companies who have undergone name changes when their reputations have become less than stellar. Those are all questions that only time will probably tell. Regardless of their motivations, past history does, and should, go to the question of the business philosophy of a company and what practices they may or may not be willing to engage in.

How has MediaTraffic behaved under that company name? The first application they came out with under MediaTraffic umbrella was SurfAccuracy. A quick review of the search results of SurfAccuracy doesn’t show the brightest picture. The software is flagged by numerous security companies, there are reports of dubious installations and even reports of keyword logging of the terms used by consumers when they perform searches. The SurfAccuracy software is still active and available for download from at least their web site. But SurfAccuracy is not the software being proclaimed on the MediaTraffic web site any longer. It’s their Vomba software and their Vomba Network of content sites where the software is distributed. In fact SurfAccuracy software isn’t even metioned anymore on the MediaTraffic site.

Did MediaTraffic develop completely different application (Vomba) as the reputation of SurfAccuracy became tarnished and flagged by security companies? Actually, no. It doesn’t appear so. Rather it appears they just tweaked the SurfAccuracy software and rebranded it as Vomba. Below are two screen shots taken from my packet logs. These are from the calls the software sends out to MediaTraffic in preparation to deliver a pop-up through the software. I’ve blurred out the information that isn’t relevant to the point being made.

SurfAccuracy Sniffer File

You will notice the Host is surfaccuracy.com and the User-Agent is SAcc (denoting SurfAccuracy). The sac (again abbreviations denoting SurfAccuracy) is 799 and the ver (version) is 1190.

Vomba Sniffer File

 

 

Here the Host is services.vombanetwork.com and the User-Agent is Vomba. The sac (again abbreviations denoting SurfAccuracy) is 999 and the ver (version) is 1020000. We should also mention that while we show different Hosts for the different software calls to their servers, our logs indicate the same IP address. What we appear to have is the same software only running under different versions.

Then there is the VombaCash web site which is supposed to be coming sometime this month (March 2007). While MediaTraffic makes no references to SurfAccuracy or IST on their web site (I don’t think I can blame them for doing that), they do make a point about the ethics of their network. The MediaTraffic web site states (bolding by me):

Vomba Network does not collect any user identifiable information nor does it collect any browsing or purchasing history.

They may not collect all browsing by the end user, but they definitely collect some browsing. Part of the POST information that goes back the MediaTraffic servers every time the end user visits a page that could possibly trigger a pop-up is a domain and URL parameter. These two parameters combined are the full URL of the page currently being visited by the end user. This information is passed even when the MediaTraffic servers come back with the command that there are currently no pop-ups to show. I call that collecting browsing history, at least in part.

They further state (again bolding by me):

Leading the industry in ethical distribution, Vomba Network creates, hosts and distributes its own products eliminating third-party distributors.

Now this certainly seems like a step in the right direction, especially considering the past history regarding installations of all the IST products and Surf Accuracy. But when we head over to Vomba Network, we find this greeting us on the front page:

Webmasters can offer great content to their Visitors and even generate revenues from the distribution of the Vomba promoted content with Vomba.

What??? I thought they had eliminated third-party distributors. Maybe they don’t call that third-party distribution? If you visit any of their own content web sites where Vomba is distributed, such as Vomba, you’ll find a link for “Affiliates” in the footer that links to VombaCash. Ok..maybe they are just planning on having banners through their affiliate program that link to Vomba owned web sites. But the part above about webmasters offering great content to their visitors has me wondering. Maybe some would consider a link to Vomba on their site adding great content, but so would having the actual content (such as the bundled screensaver) to offer up on your web site. That seems more in line with providing webmasters with content. And that brings us right back to third party distribution. Something the folks over at MediaTraffic haven’t exhibited a great deal of success controlling in the past.

Certification

There is at least one company who evidently believes MediaTraffic has reformed their ways, TRUSTe. TRUSTe has come under criticism themselves for some of the web sites they have certified for their Privacy Seal. Some may remember the questions raised by Ben’s report. Carolyn Hodge, from TRUSTe, then answered fourteen questions posed by Wayne Porter arising from the controversy. In her responses, Carolyn mentions the Download Certification program that was then in the development, which would look at and certify the actual downloaded software. This would be a rigorous process and would be separate from their Privacy Policy certification. The Download Certification Program is now in beta and TRUSTe released their first list of “white listed” applications.

Vomba was one of the two adware applications white listed by TRUSTe. They are very specific in that it is Vomba 1.2.0.0 which has received their certification. And the company name given for the software is Vomba Network, Inc (not even MediaTraffic). But will consumers who see this seal make certain assumptions? The whole point of the certification is to assist consumers in feeling “safe” while on the Internet is it not? How would a consumer feel towards downloading and installing a Vomba screen saver if they were aware of the who “Vomba Network” really is and their past history and behavior with regards to downloadable software? How many consumers would then feel it was a “Trusted” download? But maybe more to the point, the consumer has little to do with the true nature of the Download Certification Program. From the front page of the Download Certification area on TRUSTe:

Trusted Download is a whitelist for businesses to direct advertising dollars and distribution opportunities to downloadable desktop software which demonstrates informed consumer choice, doesn’t exhibit surreptitious activities and gives control to users.

The white list is a place for businesses to direct advertising dollars and distribution opportunities to downloadable desktop software. Ok, it’s about clearing an application for advertisers to market through. Yet I wonder, would advertisers also be interested in all the past history? Would it factor into media buy decision for advertisers who do care about such things? Or should adverisers and consumers be aware that maybe TRUSTe doesn’t factor past behavior into their certification process, but only what they are concretely seeing at the present. It does come down to whether or not you believe past behaviors have been reformed and MediaTraffic is committed to change. I personally need more time and need to see more information coming out from security companies (or the lack of it).

Regardless, I still have strong issues with the MediaTraffic model in general. I am far from impressed they are marketing their services (the contextual pop-up delivery) to affiliates. I have already documented and reported on several affiliates buying ad inventory through MediaTraffic. These involved affiliates targeting their Merchant partners’ domains (at times including the shopping cart URLs) and automatically invoking their affiliate tracking to garner a commission (cookie stuffing). This is behavior I will always oppose for those engaging in the practice and those facilitating it. This is probably a good reminder that those issuing “certifications” outside of our indusry may well have little bearing on what is acceptable or not withing our own Industry’s perception of Best Practices.

It's only fair to share...
Share on FacebookTweet about this on TwitterShare on Google+Email this to someone

Leave a Reply

Your email address will not be published. Required fields are marked *