Adware Purveyors Panning for Search Gold

by

Share this news now.

SnappyAdz money noose

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

We know most adware companies are shameless in their pursuit of revenue, but it’s been a while since we’ve seen anything as bizarre (or hilariously bold) as the sales pitch from a relative neophyte to the world of adware, which calls itself SnappyAds. On its homepage, SnappyAds posits the hypothetical glee of two business-suited online ad men counting the thousands of dollars they’ve allegedly earned from their allegedly lucrative venture.

Behind the SnappyAds facade, however, is an adware client we (and a few other AV companies) call SearchPan. The installer for the adware client application is hosted on SnappyAds’ webserver, and it modifies both the IE and Firefox browsers to add code which redirects searches through a number of search engines of dubious distinction.

There really isn’t a whole lot to discuss technically about SnappyAds. It really only came to our attention because the Threat Research group as a whole just couldn’t stop laughing when we all saw the pictures of the guy leaning back in his cushy leather chair counting out his Benjamins. They do arrive, as SnappyAds claims, by the ton. So make sure you invest in a forklift before you sign up as a SnappyAds affiliate. You’ll need one to move your palette-loads of cash.

Seriously, what is going on with all the bling bling on this page? And does anyone else think the guy in front has an uncanny resemblance to actor Ray Wise, who plays the devil on the TV show Reaper?

Do these guys think they’re fooling anyone? ‘Cause everyone knows that adware affiliates don’t typically get paid with wads of cash.

When you dig deeper and read the text on the page, though, you get even more laughs. Text like

Blow anything?

Blow anything?

“blow anything … away.”

Maybe someone could explain the hundred dollar bill that appears to be roped up in a hangman’s noose. Someone also should tell them that the poor coding of the image frames on their page makes their logo look like the company is called “Slappyadz.” That’s actually far more appropriate.

20090327_snap_slappy

Infected machines with Firefox installed may notice that their chosen search engine has been replaced with one of the engines “promoted” by Slappy…er, SnappyAds. In this case, the engine is called Yoog! (with the exclamation point). I don’t know exactly what Yoog! is; perhaps it’s meant to imply it’s some sort of a mutant hybrid of Google and Yahoo. I always thought such an engine would be called Googoo, but that’s just me.

20090327_snap_yoog_logo

The modified Firefox search field will have a different name in it; you can just choose your old search engine from the dropdown menu.

Yoog! search field in Firefox

Yoog! search field in Firefox

SnappyAds’ client also includes an uninstallation program, but it makes you jump through hoops before you can remove the product this way: It demands that you type in the text that displays in the box that appears when you run the uninstaller.

SnappyAdz uninstaller

SnappyAdz uninstaller

I looked up the corporate information about Danube International, Inc., the “parent company” of SnappyAds listed at the bottom of the page. Here’s Google’s Streetview image of their corporate headquarters.

20090327_snap_danubeintlinc_googmap_sv1

Hey, even Google started in a garage.

All in all, a very classy product. I can’t wait to

20090327_snap_startmakingmoney

…get rid of it.


Share this news now.
Adware Purveyors Panning for Search Gold by