WhenU "Partner" Pushes "Myspace" Videos in P2P Land


It's not often you find an affiliate of WhenU doing something that could be viewed as out-and-out deceptive, so this is a very interesting find indeed. Especially considering they do not have affiliates, at least affiliates in the "traditional sense" according to our Sr. Director of Greynets Research- Wayne Porter, who specializes in online economic models. His answer upon a quick analysis of the initial research:

It is a given WhenU has made a number of improvements from their past practices, and that is critical for setting an example. However, we take history into account and also look at what we see today. You will note they proclaim quite clearly, "No affiliate distribution, because it's impossible to police." This is wise. WhenU understands unchecked partner models leads to dangerous relationship sprawl and in the end you tar and feather your own brand and hurt people.
What is strange is the next bullet point "All distribution partners are monitored and must adhere to our strict guidelines; zero tolerance for infractions. (Porter notes this link here.) I would have to ask, from a commerce perspective- how do they monitor them, how do they vet them, what metrics are used to determine inappropriate and appropriate behavior and what is the difference between affiliate and partner? This case seems to be confusing to the end user- is this acceptable? Is this the experience they demand of their partners?
In this case the distribution partner does not appear to be an affilate per the classic definition. I think it is a good question and would welcome dialogue from Bill Day on how they differentiate between an affiliate and a distribution partner. Clearly the program is being distributed via third parties and one would reasonably assume on cost-per-action or a split revenue basis, or a hybrid deal- that part remains unclear- but the revenue model drives behavior- we know that from field research. If Bill Day is willing to participate I am willing to prepare some questions for him if he would like to go on record about the policies and the reality of how they are put into action. The usual rules of engagement for dialogue of course."

Back to the case at hand...

During research my colleague Peter was probing for Myspace themed files in P2P land, and while using Bearshare, he came across a file called "Myspace". A movie file, no less. Would be it contain Emo kids singing in a garage? Thirty-somethings complaining because none of their friends use Myspace to network?

Nope. In fact, the answer is a little stranger than that. First of all, check out the nice popup you see when firing up the movie for the first time:

Click to Enlarge

...wait, DRM*? Isn't that what we kept hearing about during the Zango / Myspace fiasco? Could this mean some type of "software" is on the way? It sure could...

Click to Enlarge

At this point, I'm sure of two things:

1) The Adware involved in this case is WhenU
2) I have absolutely no idea what "ETE" is, nor why I would want it.

Still, the file is called "Myspace" and we all know Myspace is cool, right? So a Myspace moviefile is going to be even cooler. Isn't it?

Well, no.

This is where things get really confusing for the end-user, because so far they have:

* Gone onto a file sharing network and downloaded a movie file called "Myspace"
* Been presented with a DRM popup relating to WhenU Adware, and told this is needed to install "ETE" despite not being informed of what ETE actually is. Note the popup mentions the install is from a website, when it's clearly from P2P.

At this point, pressing the Continue button will prompt the end-user to download an executable file:

Click to Enlarge

Eventually (after a period of complete inactivity on the desktop), you see this:

Click to Enlarge

...and we finally discover what ETE is - some kind of free entertainment center. Great, except it doesn't even appear to be on the system. Maybe it's one of those new invisible models I've heard so much about? Perhaps they have Romulan cloaking technology or something.

Anyway - after giving up looking for the mystical "ETE", the confused end-user will run the moviefile. They're presented with....the adultfriendfinder website and, er, some dancing bacon. Seriously:

Click to Enlarge

Why? No idea. Anyone see what this has to do with Myspace yet?

Our motto at the FaceTime lab is to try not to leave any stone unturned, so I wasn't prepared to let this mystery go. After some digging, it turns out that ETE is not a standalone application - it's actually a website:

Click to Enlarge

This site lets you download applications from another site, called Binartisan.com. According to a Whois lookup, both sites are registered to someone in Taiwan. The download section of the Binartisan site contains many, many installers for games, screensavers and other programs:


Most of these are WhenU installers - it doesn't take a great leap of the imagination to realise that the affiliate, or partner (depending on nomenclature) here is likely the same person distributing these files in P2P land under the name "Myspace". Of course, naming them after the number one Social Networking site on the web (when the files themselves have absolutely nothing to do with Myspace) is altogether more problematic. Some might even call it deceptive.

I think I'll suggest Wayne add that to his question list.

*Notes on DRM: Any technology used to protect the interests of owners of content and services (such as copyright owners). Typically, authorized recipients or users must acquire a license in order to consume the protected material?files, music, movies?according to the rights or business rules set by the content owner.

Research Summary Write-Up: Chris Boyd, Director of Malware Research
File Discovery: Peter Jayaraj, FSL Threat Researcher
E-commerce Policy Research Evaluation: Wayne Porter, Senior Director Greynets Research.

About this Entry

This page contains a single entry by Christopher Boyd published on August 28, 2006 10:55 AM.

Gromozon: Rootkits, Adware and More... was the previous entry in this blog.

Bl4ck: Coming Soon to a Hacked Page Near You is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.