Yesterday I published two articles about iDownload.com, a company that makes a product called iSearch, which is installed using deceptive techniques. The company has recently sent cease-and-desist letters to the owners of several Web sites that referred to iSearch as “spyware” or “malware.” It also makes commercial security products, including Virus Hunter, which it sells using questionable techniques.
This morning I read the latest issue of the Windows Secret newsletter, which leads with an article by Brian Livingston that neatly sums up the issues with iDownload. I’ve done some of my own investigations, and the details collectively add up to a picture of exactly how the makers of this type of software get rich by preying on the innocent.
In Adware makers threaten critics, Brian finds three almost comical errors in the cease-and-desist letter written by iDownload’s attorney, who misspelled (1) his client’s name; (2) the word consciousness is misspelled as conscience (Freudian slip?); and (3) the legal term for the offense he is accusing the letter’s recipients of committing, tortious conduct. Brian sent a message to iDownload’s Live Help service and received the following reply from a tech who said his name was Mark:
iSearch is its own independent company that markets many affiliate programs. I believe they have removal instructions and an automatic removal tool on their FAQ page at isearch.com. I don’t know any other info about their company or software.
Brian also reported that the company is “based in New York City.” Maybe. Maybe not. In a commentary on ABC News’ Web site, reporter Michael S. Malone reported that “iSearch is actually owned by iDownload.com, based at 701 Brazos, Suite 500, Austin, Texas 78701.” That’s also where the law firm that sent the nastygrams is based. Meanwhile, the iSearch license agreement (the one that most victims never read) says that it is “ a contract between you (“you” or “your”) and iDownload.com DBA iSearch Internet, a Nevada corporation with a mailing address of 264 Village Blvd, Suite 201, Incline Village NV 89451. A post on the Wilders Security Forum closes the loop by uncovering a Business Reliability Report from the Better Business Bureau of Reno, Nevada, which discloses that iDownload.com has been the subject of seven complaints in the past 12 months and lists an “additional address” of 1180 Avenue of the Americas 14th Floor, New York, NY 10036. (As an aside, this proves what a joke the BBB endorsement is. iDownload knows that it’s difficult and highly unlikely for the average victim of its software to track down its location in Nevada, and that even those who do will probably not file a complaint. By settling those seven complaints, it gets the BBB’s seal even though security experts know that there are tens or hundreds of thousands of unhappy “customers” of their wares.)
Maybe instead of playing “Where in the world is iDownload?” we need to play “Follow the money.” Go to iDownload’s home page and click the Affiliates link. You’ll wind up at a page that contains this bold promise.
Keep clicking and you’ll end up at an affiliate signup form, which contains the gory details of how iDownload recruits people to push its sleazy software. The terms and conditions include the following:
We currently offer four payment program. The rates are indicated as follows:
Pay Per Sale: $20.00USD for each referred customer (signup) that purchase an iDownload.com product via Visa™, Mastercard™, Discover™, American Express™, JCB™, Diner’s Club™, ACH, or Pay Pal™.
Webmaster Referral: 10% for each affiliate referred into the iDownload affiliate program by your “Referral”linking codes. You earn 10% of the net income that the referred affiliate earns.
Search Engine Revenue: 60% of all search revenue generated through the iSearch search engine and referred by your linking codes. Calculation of your earnings is based upon the net revenue that is paid to iSearch by advertisers and will vary depending upon the geographic location of the user and the terms searched for.
Pay Per Download: 25 cents for each unique US or Canadian computer desktop that does not currently have and has not previously had the iSearch Product Bundle and that receives and completes installation of the Product bundle as a direct result of visiting one of the iDownload promotional download products. Other countries are paid at the rate of 1 cent per unique user.
Pay Per Install: 10 cents for each unique US or Canadian, 5 cents for each unique UK computer desktop that does not currently have and has not previously had the iSearch Product Bundle and that receives and completes installation of the Product bundle. Other countries (except those listed specifically in our banned country list) are paid at the rate of 2 cents per unique user.
Read that carefully. Someone is getting a bounty of a few cents if they can convince you to install the iSearch product on your computer. Never mind that it might cost you hundreds of dollars to remove it.
Look at all the credit card companies that do business with iDownload.com. Look at all the companies that advertise using the iSearch service. Those are some deep pockets. Now ask yourself who those affiliates are and how they work. A lot of people are making “piles of cash” off the misery of innocent PC users.
Finally, do a Google search for isearch. Look at the two sponsored links at the top of the page and the list of sponsored links along the right side. Every single one offers a tool to remove it, get rid of it, or clean your system. If you own a software company and an entire industry has sprung up to help people get rid of your software, can you really say you’re running a legitimate business?
Ironically, the very first sponsored link is from iDownload itself. It leads to this page, which offers a downloadable “automated removal mechanism” and claims that “iSearch applications do not hijack home pages, promote obscene material, alter/add items to user’s favorites, modify security related settings, prevent security related applications from running, or alter cookies or url’s to receive credit for affiliate driven sales.” It’s a cleverly written non-denial. No, iSearch doesn’t hijack your home page, but it will redirect your browser to third-party pages when you perform searches. And it doesn’t say a word about the fact that it might download additional software which can and will do all these things.
Of course, many of the products in the list of sponsored links are on the list of Rogue Anti-Spyware Products hosted at Spyware Warrior. And one user who had iSearch installed on his computer reported that iSearch intercepted his attempts to find legitimate solutions using Google, Yahoo, or MSN search engines. So, if you’re a technically unsophisticated user who installs iSearch, you are likely to be victimized by additional companies when you try to get rid of it.
As Brian Livingston summed it up, “When you install adware, you never know what you’re really going to get.”
Ed Bott 
Ed, your cease and desist letter is probably in the mail. 🙂 This stuff is unbelievable.
As a follow-up to my own comment, this raises a question of how the average user — or even a more experienced or savvy “power” user — can avoid downloading bad software from dubious outfits. You mentioned the ICSA lab people, and I wouldn’t think of downloading any security software that they haven’t certified. Likewise, I try to make it a point to avoid software that doesn’t carry Microsoft’s “Designed for Windows XP” logo, although I sometimes make exceptions if independent research persuades me that the program will work fine with XP.
Are you aware of any other reputable certification agencies, like ICSA labs, who regularly and rigorously test software to ensure high performance, stability, or security with XP? Thanks.
Ken
I think it starts by assuming that any piece of software is untrustworthy until proven otherwise by a preponderance of reliable evidence. Most of the crapware out there, including the stuff that iDownload sells, doesn’t survive five minutes’ worth of simple Googling.
That’s an excellent working assumption. Unfortunately, Googling also leads the unwary — or the obsessive tinkerer types like the way I used to be — to these crapware websites in the first place. 😦
That’s exactly it, preying on the innocent. The one time this PC fell victim to spyware, I knew instantly something was happening and I removed the malware programs immediately. However, the average consumer hasn’t got a chance. Are they going to read through the EULA? No. Do they understand the risks? No. Are they better off by downloading spyware? No. Then throw in all the deceptive techniques like drive-by downloads and consumers stand no chance. The spyware companies know this. And that’s why we have such a huge problem with spyware.
I contacted ‘idownload’ with the view to getting their side of the story ….
I used their live one on one messenger type help service to ask some questions.
The first guy declined to answer anything of substance and then disconnected me without warning.
A few hours later I tied again and “Alberto”from the help desk insisted that ‘idownload’ soft ware was “safe”.
However he was short on specifics and told me to write to the New York address with any further questions I might have.
I checked the address given{google search} and the floor given is a “virtual Office” , rent by the week or even by hour.
They virtual office even has a mail service from $60/month.
I suspect ‘idownload’ uses this “glitzy” New York address as a sign of substance and respectability …
Another sleight of hand trick coming from the masters! ….or so it would seem.
regards……
johnpro
Really good job on this, I am glad that some people are still doing investigative reporting.
Thanks for your work here, it is greatly appreciated