Last week I saw a couple of news stories pop up at Netscape about spyware/adware being distributed through ads on MySpace. There was the story of a banner ad that used Osama bin Laden’s face on the body of a model in a bikini to advertise a spyware infested toolbar from a company called Starware. Then there was the report that another banner ad was exploiting a Windows security flaw to infect more than one million machines. The discussion went back and forth with one side saying that MySpace is responsible and should check its advertisers and another side saying that it is impractical to do so. That debate assumes MySpace wasn’t complicit in the whole business of distributing spyware. But then later in the comments there were links posted to reports by Jason Miller at WebProNews and Trent Lapinski that include details on the sordid past of the MySpace founders. It seems they previously ran companies that were big into spam and spyware/adware distribution.
MySpace may not be particularly important or interesting to many people, but if even a modest fraction of the more than 80 million (and growing) members are legit, this is a vast enterprise. And if they are engaged in distributing spyware/adware/malware the impact could be large and widespread. It is easy to make the assumption that when an enterprise gets very large they are, or at least attempt to be, legit. That feeling is based on the idea that now that they are so big they have much to lose. But it is a bad assumption as we have seen with the vast corporate corruption and greed demonstrated in recent years (Enron, WorldCom). Alan Greenspan, the former head of the Federal Reserve Board, once said while testifying before congress, “It isn’t that people are greedier now than in the past. It’s just that there are so many more ways to express their greed now days”. Vast distribution networks of spyware/adware are yet another way for some to express their greed.