News & Notes from the OpenDNS team

Why do we pay Internet Bad Guys?

by David Ulevitch, Founder/CEO on Sep 13th, 2006

Courtesy of Matt Marshall, I was asked to contribute an article to VentureBeat. You can read my article, “Why do we pay Internet Bad Guys?,” in its entirety over there or below. Matt has some really great stuff on VentureBeat, so go check it out!


David Ulevitch, OpenDNS CEO

Two weeks ago Auren wrote a dead-on post about the Black Hat Tax that really struck a chord with me. I’ve been paying the Tax for five years with my first company, EveryDNS, and for a few months now with my current start-up, OpenDNS. The problem has become much worse in the last few years. Why? Simply put, bad guys are getting paid. Moreover, the Tax is on users as much as it’s on businesses. Today we see phishing sites, malware and spyware sites growing at an astounding rate.

Consider the example I cite often when discussing the issue with friends: goggle.com (see image below; not providing a link, bad site), the site that might be the most insidious of all typo-squatting and malware sites on the Internet. Goggle.com, an obvious typo of google.com, offers an anti-spyware product called SpyBouncer in addition to being filled with pop-up ads (nb: SpyBouncer claims the copyright on the bottom of goggle.com). The website makes users believe that their computer is currently infected with spyware and that installing SpyBouncer will get rid of it. They say it’s free to try, and the program conveniently finds spyware, which it will remove for a price, of course.

Symantec and others all claim that this product is a total scam and that it neither detects nor repairs spyware with any accuracy. Thanks to the accidental traffic from unsuspecting users that lands on goggle.com, SpyBouncer has no incentive to make a good product; it can just fool a new batch of users every day.

[Image: screenshot of goggle.com, a bad site.]

Why does a site like goggle.com exist? Because crime pays, but that’s hardly news. Why it doesn’t get shut down by its webhost (DataPipe) is a good question for another time. What I do want to know is… why is SpyBouncer allowed to run Google ads on its Web site (as they do on the top)? Why are these kinds of abusive software programs allowed to purchase AdWords campaigns luring even more users into this trap? Why is Revenue.net paying SpyBouncer to show ads on goggle.com? Why is Google accepting money from fraudulent advertisers which continues the cycle of malware and spyware? This is why users react so negatively to online advertising. It’s not the relevant and unoffensive advertising that they bemoan, it’s the scams and tricks the advertisers and advertising networks spread around the seedier neighborhoods of the Internet.

These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices, but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing the buck. When I asked my users what they thought about goggle.com, I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com, venting at the absurdity of a site like goggle.com.

It’s time that ad networks cleaned up their act and started being more transparent about fraud and abuse. It’s time security companies started fighting the causes of network abuse and not simply the symptoms. There will always be a Black Hat Tax but right now legitimate companies are making it more expensive. That has to stop.

7 Responses

  1. Guillaume Castel

    If goggle.com is “a total scam”, why doesn’t OpenDNS block it, the way it blocks phishing sites?

  2. David Ulevitch

    (Copied from my response to the same question on VentureBeat)

    Guillaume,

    Right now we’ve taken the giant leap of providing users with choice and control in managing their DNS, something that has never existed before and that people are quickly realizing they want. In launching, we started with some basic and fundamental features like typo-correction and phishing protection. In response to things happening on the Internet, we’ve added additional features to deal with issues like the Cameroon typo-squatting debacle.

    I didn’t know about goggle.com until after we launched when one of our users wrote in to tell us about it. We’re familiar with the nasty side of the Internet but goggle.com was particularly annoying for all the reasons I point out in the article and more. You can bet we’ll be adding in the tools and features so that you can best decide how you want sites like goggle.com handled on your part of the Internet. :-)

    Best advice: stay tuned to our blog for updates.

  3. Matt Bracewell

    I’m nowhere near well qualified enough in these matters to ask why anybody overly concerned about obviously squatted domains doesn’t just edit their own hosts file?

    Cue intricate discussion of techie stuff which 70% of us won’t understand…

  4. nate

    dude, i’m too sick and tired to fully think about your statement but i do have to say that i admire you in a massive way. you believe strongly against something and you don’t even seem to see a choice, it’s fight fight fight for what IS right. all i have to say is ROCK THE **** ON MAN!!!! i admire anyone who fights for what they believe is right… as long as they’re not retarded and fighting for the rights of popcorn or something even more retarded lol.

    fight the fight and change life.

    nate

  5. Some_Yahoo

    seems to me from the WHOIS record for goggle that Network Solutions might be able to help here as well.


    Visit AboutUs.org for more information about GOGGLE.COM

    Registrant:
    Knowledge Associates
    ATTN: GOGGLE.COM
    c/o Network Solutions
    P.O. Box 447
    Herndon, VA. 20172-0447

    Domain Name: GOGGLE.COM

    Administrative Contact, Technical Contact:
    Associates, Knowledge u498u29g3z9@networksolutionsprivateregistration.com
    ATTN: GOGGLE.COM
    c/o Network Solutions
    P.O. Box 447
    Herndon, VA 20172-0447
    570-708-8780

    Record expires on 13-Feb-2012.
    Record created on 14-Nov-2003.
    Database last updated on 6-Mar-2007 18:36:07 EST.

    Domain servers in listed order:

    NS1.DATAPIPE.NET
    NS2.DATAPIPE.NET

    This listing is a Network Solutions Private Registration. Mail
    correspondence to this address must be sent via USPS Express Mail(TM) or
    USPS Certified Mail(R); all other mail will not be processed. Be sure to
    include the registrant’s domain name in the address.

  6. anonymous

    David,

    It’s been 7 months since you wrote this and opendns is still not blocking goggle.com.

    WHY?

    Please, just do everybody a favor and block it already!

    Are you scared of getting sued by the bad guys?

    If you do what’s right, it will probably get a lot of publicity and everybody on digg.com, reddit.com, slashdot.com, etc. will start talking about how cool opendns.com is again.

    Letting this go for so long is a big mistake and a disservice.

    At the very least put up a redirect to a warning page giving users a choice to go to google.com which is most likely 99% the intended destination.

    Isn’t this what opendns is supposed to be protecting people from?

    Isn’t this at the very top on the bad guys list who need to be taken out?

    Thank you for offering opendns as a free public service.

    I’m just very upset by this whole issue because I have recently had to do some really nasty clean ups of virus and spy/malware infections from people who accidentally went to goggle.com, in one case it was so bad it was easier to just back up the data and use the system restore CD!!!

    These people need to be put in jail, have huge punitive fines and charged with felony fraud and cybercrimes, just like any other virus or worm writer. They need to be put out of business!

    Thanks for your time and to clarify, I am not mad at you or opendns, I’m just angry about the fact that, as you put it, so many people are so concerned with getting their little piece of the money pie that they don’t care it’s dirty money, it’s organized crime is what it is!!! It’s a massive criminal syndicate. These scoundrels need to be hit hard, where it hurts and taught a lesson that the Internet community will not stand idly by and put up with their antics. You have already started to shine a light on this subject, but you have a massive weapon that can be used to really hurt these guys, so please use it! You will be a hero and everybody will thank you and love you for it. So, don’t even think about it, just go into your DNS server and modify the DNS records.. it will take all of 30 seconds of work, so just do it!!!

  7. Shaffer

    I saw something about this on the news recently (I’ll try to look it up on Google.), but I think the info here is really good too.
