The Right Way, The Wrong Way

| | Comments (0)

Generally, if you employ an outside agency to advertise / promote / generally do things with your site in relation to potential visitors, you need to have a good idea of the methods employed by that company. I've had quite a few emails through from people who received something similar to the following:

"Subject: Advertising Inquiry

We have reviewed your blog on behalf of one of our
clients that would be interested in placing advertising with you.

Client profile :
DoingFine (
New project (<1 month old) Theme A forum dedicated to those things that came out right and worked out fine.

We'd like either a 150x150 button, 160x600 skyscraper or 468x60 full banner (or footer). Alternatively, we may be interested in text-only advertising.

This would be a weekly, monthly or yearly arrangement. In either case we will require a one time, one day (24 hours) free placement in order to test the quality and quantity of traffic your website can actually provide*. Within this interval, we will make a final determination, based on the traffic volume, quality, and your asking price. Should we find your terms acceptable, this trial day will count towards the agreed interval.

Kindly let us know if you would be interested, which arrangement best suits your editorial needs, and what rates you would like to charge. We prefer using PayPal but may be able to accomodate alternative payment methods.

Thank you.

*Please note that we employ software that reliably detects autoclick and autosurf bots, pay per click and paid to surf type traffic, and other such non-human traffic. This may be a concern for you, especially if you are buying "bulk traffic", or employing the services of dubious "SEO experts"

The site in question,, seems to be harmless enough - a forum where people can, quite literally, tell the world that they are indeed "doing fine". However, the methods being used by the company promoting the site are veering on the side of "not doing very fine at all" and appear to be somewhat random and scattershot in their approach to web marketing. The obvious danger here is that people will simply come to associate with spam-like tactics, strange emails and immediate associations with 419 scams.

For starters, the people behind the campaign are clearly sending these mails out quite randomly. Why? Well, here's someone with a Flickr account who was sent the same email. Anyone who took five minutes to check would realise that Flickr is for hosting photographs - you can't manipulate your pages to insert adverts, banners or buttons.

A quick Google reveals many more people feeling confused and puzzled by these emails - this is NOT a good feeling to generate amongst people online, as word of mouth spreads extremely quickly and these kinds of tactics are usually frowned upon.

Take a quick look at the site doing the promoting, and things don't improve:
Click to Enlarge

...wha? At first glance I thought it was a site related to videogames involving armies and aeroplanes or something. The English version of the site isn't any more enlightening (with phrases such as "There is nobody else", "If you want something done, we'll have to do it ourselves" and "Squeaky wheels? We've got grease" all over the place). Again, all of these factors (no real substance to the information provided, bizarre phrases and a general sense of oddness) are seen in common webscams, and naturally give people pause for thought.

Of course, the negative feedback created by the approach of Polimedia has now started to flow back to, with threads such as this. There are two key things said by the site owner. One is in response to a post in a thread by a Google employee:

"The notion that "third parties can easily install badware into your computer by asking you to put code into your template" is the sort of nonsense that appeals to otherwise uninformed people. Coming from someone who almost certainly knows better. Not to mention SOMETHING GOOGLE SHOULD BE FIXING, should it actually be true."

This makes no sense to me. There are all sorts of dubious scams out there that involve convincing people to paste code onto their website. It only takes a little bit of malicious code to launch an IFRAME, or run some Javascript, or any number of other things and then you've got a problem on your hands. As for Google somehow being responsible for "fixing" the way in which nefarious people online can use rogue code to push exploits - huh?

The second thing of note that the site owner says is this:

"For the past week or so, we've been employing this Polimedia company to handle our marketing and advertising. So far it is working really GREAT, as far as I understand these things (which admittedly isn't very far)."

This rings warning bells, for me - the site owner seemingly claims he doesn't understand "these things" very well, which presumably means the workings of having someone else handle your marketing and advertising. First of all, if I were him, I'd certainly want to know exactly what a third-party was wanting to place on other peoples websites in my name before committing to such a deal. Secondly, all is not quite as it seems here. Why? Well, here is the owner of posting to a webmaster forum.

For some bizarre reason, he is posting under the username of Polimedia - more confusion. Why post under the name of the third party company you've hired to promote your site? At any rate, the post reads:

"1000$ in this thread. This is a themed pay by post job. Here's the specs :

VERY IMPORTANT : The theme for this project is "doing just fine". Please stick to it. A story about how you are happy with your computer set-up, how your dog learned a new trick, how you baked a pie and it came out just right are welcome. PRODUCT ENDORSEMENTS ARE NOT, unless the product is really mainstream. Story about how you enjoyed a drink of Coca Cola is fine. Story about some internet-based crapola will get you insta-banned.

You will be paid $10 for every 100 posts you make to my forum at In order for you to collect, you must :

Make 100 posts, not less, using AT LEAST 15 different registered user names, starting AT LEAST 10 new threads.

All new thread posts must be AT LEAST 12 lines, 120 words, 600 characters. These length requirements are CUMMULATIVE, meaning you must satisfy ALL.

All reply posts must be AT LEAST 2 lines, 20 words, 100 characters. These length requirements are CUMMULATIVE, meaning you must satisfy ALL.

You may not copy/paste strings longer than 35 characters or 7 words from ANYWHERE. I actually use scripts to check this.

You may add AT MOST one link per post, provided it's either a completely FREE (no adds, no sale pitch, no revenue method whatsoever) website or an image link. You may NOT add more than 30 links TOTAL.

Your post must be relevant and adequate to the available themes. The forum has a broad "doing just fine" theme. Thus, please contribute posts that describe either a personal experience, or a world event/news item about something THAT'S JUST FINE. Personal experiences are preferred, and probably easier to write.

Your posts must be INTELLIGIBLE, written in ENGLISH. You MUST make sense. Random gibberish will not count. I prefer you use standard spelling and punctuation. If you don't, all the differently named registered users you create that make recognizably the same spelling mistakes WILL be counted as one.

You MUST use the same IP address for all your posts, this is how I will count them.

You must send me (user : Mr. M) one private message when you start posting, stating that you intend to start posting. Mention this board and optionally your user name here.

You must send me (user : Mr. M) one private message when you are done posting 100 posts. It MUST contain your paypal address (you will be paid $10 within the same day) and specify if you intend to start another 100 posts block. If you do, please wait for my ok. That means I will tell you whether I'm happy with your work and you should bother doing another 100.

All people satisfying the above conditions will be paid the above sum. No exceptions.
All people FAILING to satisfy the above conditions will NOT be paid the above sum. No exceptions.

I will respond to any disputes here, should one arise (not sure why it would tho).

My budget for paying posters is 1,000$ (it actually is, yes), so post away and take my money. Good luck."

So, despite the fact that the domain was apparently only registered on the 7th February, the forum itself could appear to be extremely active because a large number of people are being paid to post under 15 different registered usernames, with 100 posts each.

This is a fairly clever idea in terms of making a forum come to life quickly - does the earlier statement regarding not understanding the workings of having a third party handle your advertising still ring true? If you're smart enough to do something like the above, why would you even bother to use Polimedia to send out these random mailshots?

Who knows. What I do know is, their tactics need a serious rethink and fast. Though the buttons and code they're placing on websites appear to be harmless, the techniques they're using to promote the site most definitely aren't - as least with regard the reputation of

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on February 29, 2008 7:36 AM.

The Malware Jedi Save The Day! was the previous entry in this blog.

Look Out, It's The Security Twits is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.