GOTHAM CITY RESEARCH LLC
www.gothamcityresearch.com
Blucora (i.e. Infospace): Worse Than Blinkx plc & Babylon Ltd
“Google's first step is easy: Fire InfoSpace (a.k.a. Blucora). Google doesn't need InfoSpace, and there's
zero reason for this relationship to continue in light of InfoSpace's repeated failings.”
– Harvard Business School Professor Benjamin Edelman, author of The Darker Side of Blinkx, and the
“Doogie Howser of online investigative work” according to former federal prosecutor Richard Boscovich.
Dogpile.com and Webcrawler.com
‘candydoll tv’, ‘candydoll.tv’, & ‘vladmodels’ are terms tied to child pornography
Sources: Alexa, Google
Disclaimer:
By reading this report, you agree that use of GOTHAM CITY RESEARCH LLC’s research is at your own risk.
In no event will you hold GOTHAM CITY RESEARCH LLC or any affiliated party liable for any direct or
indirect trading losses caused by any information in this report. This report is not investment advice or a
recommendation or solicitation to buy any securities. GOTHAM CITY RESEARCH LLC is not registered as
an investment advisor in any jurisdiction.
You agree to do your own research and due diligence before making any investment decision with
respect to securities covered herein. You represent to GOTHAM CITY RESEARCH LLC that you have
sufficient investment sophistication to critically assess the information, analysis and opinions in this
report. You further agree that you will not communicate the contents of this report to any other person
unless that person has agreed to be bound by these same terms of service.
You should assume that as of the publication date of this report, GOTHAM CITY RESEARCH LLC stands to
profit in the event the issuer’s stock declines. We may buy, sell, cover or otherwise change the form or
substance of its position in the issuer. GOTHAM CITY RESEARCH LLC disclaims any obligation to notify
the market of any such changes.
Our research and report includes forward-looking statements, estimates, projections, and opinions
prepared with respect to, among other things, certain accounting, legal, and regulatory issues the issuer
faces and the potential impact of those issues on its future business, financial condition and results of
operations, as well as more generally, the issuer’s anticipated operating performance, access to capital
markets, market conditions, assets and liabilities. Such statements, estimates, projections and opinions
may prove to be substantially inaccurate and are inherently subject to significant risks and uncertainties
beyond GOTHAM CITY RESEARCH LLC’s control.
Our research and report expresses our opinions, which we have based upon generally available
information, field research, inferences and deductions through our due diligence and analytical
process. GOTHAM CITY RESEARCH LLC believes all information contained herein is accurate and
reliable, and has been obtained from public sources we believe to be accurate and reliable.
However, such information is presented “as is,” without warranty of any kind, whether express or
implied. GOTHAM CITY RESEARCH LLC makes no representation, express or implied, as to the accuracy,
timeliness, or completeness of any such information or with regard to the results to be obtained from its
use. All expressions of opinion are subject to change without notice, and GOTHAM CITY RESEARCH LLC
is not obligated to update or supplement any reports or any of the information, analysis and opinion
contained in them.
You should assume that GOTHAM CITY RESEARCH LLC has and/or will file as a whistleblower with
relevant regulatory entities.
Table of Contents
I. Disclaimer
II. Summary
III. Introduction
IV. Blucora = Involuntary clicks + Artificial clicks + Illicit clicks
V. Blucora’s History of Bad Behavior: The Iminent.com Problem
VI. Google is Better off without Infospace/Blucora
VII. Ties that Blind: “You’re only as good as the company you keep”
VIII. Non-GAAP is Back
IX. Shares are Worth <$5.00 per share
X. Appendix A: Blucora and Malware
XI. Appendix B: A Closer Look at Blucora’s 2005-2010 Impropriety
XII. End Notes
GOTHAM CITY RESEARCH’S OPINIONS
- +60% of BCOR’s revenue will evaporate in coming quarters, as Google realizes it is better off without BCOR. Google and Yahoo can walk away from Blucora any time.
- At least 50% of BCOR’s traffic is derived from malware, click fraud, illicit traffic (e.g. child pornography), and otherwise suspect traffic.
- Blucora and its partners’ practices will receive scrutiny from Google, advertisers, FTC, DOJ, FBI, IRS, &/or the SEC.
- BCOR shares are worth no more than $5.00/share, and <$1.00/share if BCOR compensates affected parties.
SUMMARY OF FACTS
- 94.81% of Infospace.com visitors go to css.infospace.com, a known redirect virus/browser hijacker.
- Infospace.com/Iminent.com generate clicks via cloaking, a practice forbidden per Google’s Webmaster Guidelines.
- 3 of dogpile’s Top 10 search words are child porn-related.
- Webcrawler aggressively purchased child porn search traffic in recent quarters.
- Google prohibits advertising related to child pornography.
- 80+% of webcrawler’s visitors originate from outside the US, yet only ~1% of BCOR’s revenues are international.
- Ads displayed in Blucora-branded search results violate requirements set in their 2011 Amended Agreement.
- Metacrawler is the 3,301st most visited site, yet is defunct.
- ~10% decline in Google revenues wipes ~50% of BCOR EPS.
- BCOR has a storied history of defrauding investors, customers, and vendors over the last 15+ years.
- Free cash flow has gone negative over the last 9 months.
- ~50% of recent cash flow from operations consists of increases in accrued liabilities.
- Non-GAAP reporting, not seen since 2003, is back.
- Audit fees declined sharply, after changing auditors in ‘12.
- Gotham City Research contacted Blucora on several occasions and did not hear back from the Company.
Company: Blucora (formerly Infospace)
Ticker: BCOR (formerly INSP)
Price Target: <$5.00
Share price: $23.70
Market cap: $976M
Enterprise value: $986M
52-week high: $30.12
52-week low: $14.25
Diluted shares outstanding: 42.88M
Float: 38.80M
Avg. Daily Vol: 482K
% float short (1/31): 17%
TTM Revenue: $504M
TTM Net income: $29M
2013 YTD FCF: -$123M
Tangible book: -$45M
FYE: Dec. 31
Auditors: Deloitte & Touche LLP, Ernst and Young
INTRODUCTION
Blucora, formerly known as Infospace, is one of the truly great historical case studies of the fraud and
excesses committed during the dot com boom of the late 1990s1. Former Merrill Lynch analyst, Henry
Blodget, privately referred to Infospace as a “piece of junk”, even as he publicly remained bullish on its
stock. Blodget was indicted for securities fraud, and agreed to a permanent ban from the securities
industry (he also paid a $2 million fine plus a $2 million disgorgement).2
While Mr. Blodget appears to have subsequently turned around his life (as evidenced by his modestly
successful media outfit, Business Insider), it seems Blucora never learned its lessons. For example, we
discovered that nearly all infospace.com traffic is malware-related, and that BCOR’s search volumes
experienced a significant boost in recent quarters, due to a rise in illicit search traffic (specifically child
pornography searches). We also captured a specific instance whereby infospace.com/iminent.com
generates clicks via cloaking (the practice of presenting different content or URLs to human users and
search engines). Cloaking is considered a violation of Google’s Webmaster Guidelines because it
provides users with different results than they expected3.
Professor Ben Edelman has been recording and exposing Blucora’s wrong-doing since 2005
We discovered that we were not alone in our findings. Harvard Business School Professor, Benjamin
Edelman, who recently exposed Blinkx plc’s wrong-doing in a piece titled The Darker Side of Blinkx, had
already exposed Infospace.com’s wrong-doing over many years.
In January 2010, for example, Edelman exposed Blucora’s role in a complex ad fraud scheme (which
incidentally involved AdOn Network, a Blinkx subsidiary). At the time, Professor Edelman stated4:
“Google doesn't need InfoSpace, and there's zero reason for this relationship to continue in light of
InfoSpace's repeated failings.” Blucora seemed to show some remorse, as it “discontinued the
syndication of our search results to certain distribution partners who we deemed to be delivering low
quality clicks.”5 BCOR took a hit to revenue, and its share price suffered as well.
Worse than Blinkx Plc, as Blucora Continues its Wrong-doing
Gotham City Research believes that Blucora did not correct its behavior, after Edelman exposed the
company’s wrong-doing in January 2010. If anything, we believe Blucora re-doubled its efforts (search
revenue has only risen since). We find that Blucora is worse than Blinkx for the following reasons:
- 94.81% of Infospace.com visitors go to css.infospace.com, a known redirect virus/browser hijacker. Webcrawler.com, dogpile.com, and metacrawler.com seem no better.
- Infospace.com/Iminent.com appears to drive traffic via cloaking, a practice forbidden per Google’s Webmaster Guidelines. Their scheme is reminiscent of Infospace.com/WhenU in 2010.
- We estimate at least 50% of BCOR’s traffic is derived from malware, click fraud, and illicit traffic (e.g. child pornography & pirated content). It would explain how webcrawler.com has become the 460th most “visited” website today, ahead of att.com, irs.gov, quora.com, retailmenot.com, elance.com, abcnews.go.com, and surveymonkey.com. Clicks aren’t really clicks.
Blucora = Involuntary clicks + Artificial clicks + Illicit clicks
Are Blucora’s Recent Search Revenue Growth and Traffic Gains Too Good to Be True?
Blucora (a.k.a. Infospace) refers to itself as an “established player in search advertising.”1 Search traffic
and revenue have risen dramatically over recent years and quarters2:
Blucora Search Revenue Breakdown ($ in millions)
                          2010    2011    2012    2013LTM
Total revenue             $214    $229    $407    $504
Search revenue            $214    $229    $345    $399
  Distribution Partners   69%     80%     88%     85%
  Owned & Operated        30%     20%     12%     15%
In fact, BCOR’s most popular property, webcrawler.com, has somehow become the 460th most popular
website today (it was the ~7000th most popular website in the world just 2 years ago)3:
How Popular are BCOR's owned sites relative to other sites? Alexa Traffic Ranks
BCOR Property       2012      TODAY
Webcrawler.com      7,000     460
Infospace.com       1,800     1,868
Dogpile.com         4,000     2,300
Metacrawler.com     30,000    3,200
Reasons for grave doubts and why BCOR’s performance does not pass the “sniff test”
The company’s phenomenal performance makes little sense given:
- Brand recognition for its properties is nearly non-existent (when is the last time you heard about webcrawler.com, outside of this Gotham City Research report?). Metacrawler is defunct4.
- Webcrawler.com ranks ahead of att.com, irs.gov, quora.com, retailmenot.com, elance.com, abcnews.go.com, surveymonkey.com, even as webcrawler.com is a poor quality product5:
- Blucora’s peers (e.g. Babylon stock fell -60%) have been negatively impacted by recent Google policy changes (Note Blucora derives 60+% of revenue from Google vs. 40% for Babylon) 6:
The Best Explanation: BCOR Uses Devious Practices to Artificially Boost Search Results
Gotham City Research believes most of Blucora’s search revenue and traffic growth result from:
- Involuntary clicks – Intentionally deceive vulnerable users (e.g. the elderly), via malware, viruses.
- Artificial clicks – Boost fake/artificial traffic via click fraud (for example, hire cheap labor in India and other developing countries to click on ads, all day).
- Illicit clicks – Attract users interested in child pornography, pirated materials, & similar.
In fact, we estimate at least 50% of traffic is involuntary, artificial, and/or of otherwise suspect origin7:
BCOR PROPERTY      Weight Factor*   Suspect Traffic**   % of Total Traffic**
webcrawler.com     62.9%            33.0%               20.8%
Infospace.com      15.5%            94.8%               14.7%
metacrawler.com    12.6%            100.0%              12.6%
dogpile.com        9.0%             33.3%               3.0%
TOTAL SUSPECT TRAFFIC:                                  51.0%
In the next ~20 pages, we provide the facts and considerations that lead us to believe 50+% of search
traffic is suspect. See Appendix A for accompanying notes to the above table.
The Underlying Blucora/Infospace Business Model
Blucora/Infospace and its distribution partners’ traffic-boosting schemes are complex and inherently
adaptive. Underlying the intricacies, however, is a conceptually simple business model:
Step 1: Disseminate Latest Malware/Virus/Click Fraud Scheme
Step 2: Victims complain, even as BCOR reaps clicks and revenue
Step 3: # of complaints reach critical mass & BCOR commences R&D of new schemes
Step 4: Blucora abandons old scheme, feigns remorse
Consequences of Blucora and its Distribution Partners’ Malfeasance
- The artificially boosted search revenues (60+% of total revenues) will decline significantly in the near future, eventually reaching de minimis levels, as Google and advertisers realize they’re better off without Blucora (see Google is Better off without Infospace/Blucora)
- Google, advertisers, the FTC, DOJ, FBI, IRS, and/or the company itself will validate our beliefs.
- Blucora’s malicious intent is evidenced by its many years of violating rules and regulations.
The following facts support our beliefs:
- All of Blucora’s main web properties are tied to malware, viruses, & browser hijackers that attack computers. Infospace is described outright as a “fraudulent web search engine”.
- 3 of Blucora’s Top 10 search words are child pornography-related terms, on dogpile.com.
- Webcrawler aggressively purchased child porn search traffic in recent quarters.
- Over 90% of webcrawler’s top search terms are generic terms.
- 80% of webcrawler.com’s visitors originate from outside North America. Over 33% originate from India, Pakistan, Indonesia, Nigeria, and Bangladesh.
Pertaining to Google (see more in Google is Better off without Infospace/Blucora):
- Blucora’s displayed ads in search results fail to comply with Google’s guidelines, as described in its 2011 amended agreement with Google.
- Google prohibits advertising related to child pornography.
- Even if Google/Blucora Renew their Agreement in March 2014, Google can walk away any time.
The Many Ties that Blind (see Ties that Blind: “You’re only as good as the company you keep”):
- All the search-related violations mentioned in this report, and elsewhere, happened under the current Chairman, CEO, CFO, and Infospace President’s watch.
- BCOR’s current and past business partners include WhenU.com, Blinkx, Intelius.com, Babylon, info.com, and Iminent.com, i.e. a “who’s who” of the worst malware/click fraud offenders.
- Top five distribution partners generated approximately 25%-50% of total revenues, yet the company refuses to disclose these distribution partners’ identities, on the record.
- Blucora/Iminent.com cloaking behavior we’ve captured resembles Blucora and WhenU.com’s impropriety, as caught in 2010 by Harvard Business School Professor, Ben Edelman.
BCOR shareholders do not understand that BCOR has achieved high & steady revenue growth since
2010 by taking on greater and greater risks, which remain hidden until…
“A Turkey is fed for 1000 days—every day confirms to its statistical dept. that the human race cares
about its welfare ‘with increased statistical significance’. On the 1001st day, the turkey has a surprise.”8
Involuntary Clicks: infospace.com is a “fraudulent web search engine”
A web security expert describes infospace as a “fraudulent web search engine”. He also states9,
- Infospace.com is associated with browser hijackers and rootkits such as Google Redirect Virus and ZeroAccess rootkit
- Browser hijackers and rootkits involve a tracking cookie which helps cybercriminals to change search results on Google and other major search engines and redirect Internet users to Infospace.com and other malicious advertisement websites.
This explains why 94+% of traffic is directed to css.infospace.com, a virus/browser hijacker10:
Subdomain            Percent of Visitors
ccs.infospace.com    94.81%
infospace.com        2.12%
- Ccs.infospace.com is “http://www.keepbrowsersafe.com/remove-css-infospace-com-get-rid-ofcss-infospace-com-from-pc”
  1. It installs in the computer system without users’ permission or consent often with free downloads.
  2. It changes existing browser settings including provided search engines and home pages causing it to redirect to related malicious websites.
  3. As a tactic against innocent Internet users, it appears alike some legitimate search engine like Google.com and persuade victims to use illegitimate search engine.
  4. It often messes up with the privacy settings and exploits them to steal personal files or information.
- Nearly all google search results for “Ccs.infospace.com” result in some variation of “how to remove css.infospace.com virus” guide.
- Unsurprisingly, most victims (i.e., visitors) are middle-aged or elderly11
Webcrawler.com, Dogpile.com, and Metacrawler.com Are No Better Than Infospace.com
We find the same pattern of malware-related misbehavior in all of BCOR’s web properties. For example,
Fantastigames.webcrawler.com is a tricky browser hijacker that presents itself as a legitimate search
engine and sneaks into computers without the consent of the user12:
- Dogpile.com is referred to as a ‘browser hijacker’ and a ‘redirect virus’ 13. We believe BCOR cleverly infects users by leading them to dogpile.com via searching (on google, ironically) for ‘search engines’ and related terms14:
- Metacrawler Toolbar is a malware add-on/extension which installs to internet browsers with or without user consent15, and seems to infect some users seeking pirated materials, as evidenced by the Filmovizija and Kizi 3 searches that send traffic16:
- Metacrawler.com seems off-line, as it redirects users to zoo.com17
- If Metacrawler.com were a legitimate website, it makes no sense that its website is off-line, and it instead re-directs visitors to zoo.com (a quite unpopular website vs. metacrawler)18:
- All these websites receive a disproportionate number of elderly visitors19:
While we prefer to use the term “artificial clicks”, ‘click fraud’ is the correct term to describe20:
“Some fraudulent clickers have gone so far as to automate the process. They use robots or web
crawlers to search through web sites and click on certain links. These bots look for certain URLS or
search terms & exclude others, costing some companies money with each automated click. Other
companies have hired inexpensive workers, usually in 3rd world countries, to manually click on links.”
- 80% of webcrawler.com’s visitors originate from outside North America, specifically over 33% of “visitors” originate from India, Pakistan, Indonesia, Nigeria, and Bangladesh. India is a well-known hot spot for click fraud21.
- metacrawler.com22
- dogpile.com23
80-90% of traffic originates from outside the US, but only 1% of revenue originates outside the US24
“Signs [of click fraud] include large # of clicks coming from a single IP address or a block of
addresses.”25
- Over 90% of webcrawler’s top search terms are generic terms26
- 5 of metacrawler’s top search terms seem to originate from single IPs/blocks27
Did Blucora Move its Click Fraud Operations to India in 2010, just in case HBS Professor Ben Edelman’s
January 2010 WhenU/Infospace Exposé would put an end to all the Company’s click fraud schemes?
[Chart: BCOR 2010 to PRESENT; vertical axis in dollars, $0.00 to $32.50]
Chart annotation: HBS Professor Ben Edelman exposes Infospace/WhenU.com schemes: “Google's first step is easy: Fire InfoSpace. Google doesn't need InfoSpace.”28
Chart annotation: -40%
Chart annotation: “During the 1st half of ‘10, we discontinued the syndication of our search results to certain distribution partners who we deemed to be delivering low quality clicks. Those discontinuations had a material negative impact on our revenues for the 1st half of ‘10.”31
Something Occurred in 2010 in India that Helped BCOR Continue its Nefarious Schemes to Date
Step 1: Disseminate Latest Malware/Virus/Click Fraud Scheme
Step 2: Victims complain, even as BCOR reaps clicks and revenue
Step 3: # of complaints reach critical mass & BCOR commences R&D of new schemes
Step 4: Blucora abandons old scheme, feigns remorse, takes a financial hit
- January 2010, The Cyber Sheriff Warns: “Google's first step is easy: Fire BCOR. Google doesn't need BCOR, and there's zero reason for this relationship to continue in light of InfoSpace's repeated failings.”32
- April 2010, BCOR Explores New Scheme: BCOR announces it will sell Infospace India to Aditi: “Signed a definitive agreement to sell to Aditi & expects to enter into an outsourced development arrangement with Aditi. This provides BCOR with continued access to engineering talent while reducing BCOR’s costs of managing a foreign subsidiary.”33
- Before June 30 2010, Feigns Remorse: “we discontinued the syndication of our search results to certain distribution partners who we deemed to be delivering low quality clicks.”34 - BCOR
- September 2010: Chairman Voelker announces resignation from the Board.35
- November 2010: CEO William Lansing quits.36
- 2011 – Present. Scheme Pays Off, Complaints Rise: Blucora implements its India-based click fraud schemes, helping the company drive sufficient traffic. Meets and beats internal and Wall Street search revenue expectations. An increasing number of vulnerable users are victimized by Blucora and its business partners’ malfeasance, as we’ve documented throughout this report.
Supporting Facts
- Infospace’s search revenue has increased 2x since 2010, even as its brand-recognition declined37:
Blucora Search Revenue Breakdown ($ in millions)
                          2010    2011    2012    2013LTM
Total revenue             $214    $229    $407    $504
Search revenue            $214    $229    $345    $399
  Distribution Partners   69%     80%     88%     85%
  Owned & Operated        30%     20%     12%     15%
Supporting Facts – continued
- Blucora has taken every possible action, EXCEPT reinvest in its search business since 2010:
  1. Renamed itself Infospace → Blucora38 … why distance itself from a ‘growing’ business?
  2. Acquired a hodge podge of unrelated businesses, instead of re-investing in search39.
  3. BCOR has behaved as if its search business can disappear at any given moment.
- Aditi has an office in Bellevue, WA, 10 minutes away from Blucora40
- Aditi’s CEO is based out of the “Greater Seattle Area”41
- Infospace Technologies Linkedin profile sounds as if it could generate search traffic 42
- Blucora’s main web properties derive 80+% of traffic from outside the US, and India is the #1 and #2 traffic contributor (as shown several pages ago)
- Blucora’s past/present relationships with controversial entities such as Intelius, Blinkx (all with offices 10 minutes away from Blucora).
- Blucora does not name a single distribution partner, between 2010 – present (except Make the Web Better in 2010, which seems to have disappeared unnoticed in 2011), despite their sizeable contributions toward overall revenue.
Recent Growth of Owned and Operated Revenue and Traffic
Owned and Operated revenue growth has surprised to the upside in the last 2 quarters, just as
distributed search growth decelerated significantly (presumably due to Google policy changes)43:
[Charts: webcrawler.com, metacrawler.com, dogpile.com]
Rise of Illicit Clicks Explains Recent Growth in Owned and Operated Search Revenue
We believe most (if not all) recent growth in Blucora’s Owned and Operated search revenues is
derived from illicit content searches, e.g. child pornography and pirated content. BCOR had a clear motive
to generate marginal traffic from fringe sources, as distribution revenue growth recently slowed44:
“We expect that revenue from searches conducted by end users on sites of our
distribution partners will continue to be an increasing majority of our search services
revenue.” – 10K 2012
Unfortunately for Blucora, Google (as well as Federal Law) does not care if child pornography related
activity is 0.1%, 1.0%, 10.0%, or 100.0% of total activity. They have a zero tolerance policy45:
Google is deeply committed to providing a healthy and trusted online environment for all of our
users, and especially children. While the Internet provides an amazing opportunity for people to
connect with useful information, some online material poses serious risks to children and families,
and some online behavior violates the law and should be eradicated. Child pornography, in
particular, is a horrific and vicious crime. Today, I testified before the House of Representatives
Subcommittee on Oversight and Investigations about Google’s efforts to keep kids safe online.
Among the initiatives that I highlighted:
- Google has a zero-tolerance policy on child pornography. We prohibit any advertising related
to child pornography. When we become aware of child pornography anywhere in our search
engine or on our site, we immediately remove and report it to the appropriate authorities.
- We work closely with law enforcement to help track down child predators, and respond to
hundreds of child safety-related requests per year.
Evidence Blucora Benefits from Child Porn-related Search Traffic
"He who accepts evil without protesting against it is really cooperating with it." - Martin Luther King, Jr.
- child.webcrawler.com – Daily Ad budget for this shady sub-domain has increased dramatically from Q3 to Q4 2013. The keywords used to generate traffic include child pornography-related terms46:
Webcrawler.com Places Child Pornography Ads on Google47
Child Pornography Ads on Google Blucora Removed Recently
The following search results were visible through January. We wonder if Professor Edelman’s Blinkx post
frightened BCOR, or BCOR wanted to window dress before Google negotiations:
Instead of webcrawler.com, info.com (listed as one of Blucora’s distribution partners several years ago; we
suspect the two are secretly business partners) now shows ads related to these child porn terms48:
3 of the top 10 keywords to Dogpile.com are child pornography-related terms49:
Why we Believe Webcrawler.com and Dogpile.com may be a Refuge for Pedophiles
Compare the auto-filled results for dogpile and webcrawler vs. google, when the word ‘child’ is typed 50:
Blucora’s History of Bad Behavior: The Iminent.com Problem
Iminent.com of 2013-2013 = WhenU.com of 2010?
In 2004, WhenU.com was banished by Google and Yahoo! for distorting search rankings1:
Top search engines Google and Yahoo! have removed direct links to WhenU.com after the
controversial on-line ad company was found guilty of 'cloaking', an optimisation technique that
distorts search rankings.
Google cracked down on WhenU.com after Harvard Business School Professor, Benjamin Edelman,
alleged that WhenU was using at least thirteen cloaking sites in "an attempt to hold multiple positions in
search engine results bearing WhenU's name".2
By 2010, WhenU.com somehow resurfaced as spyware, scheming this time with Infospace/Blucora.
Edelman pointed out their complicit wrong-doing.3 BCOR took notice4:
“During the first half of 2010, we discontinued the syndication of our search results to certain
distribution partners who we deemed to be delivering low quality clicks. Those discontinuations
had a material negative impact on our revenues for the first half of 2010.” – August 2010
Blucora/Infospace is a Repeat Offender, as Documented by Edelman Below5
Flipping through my records of prior InfoSpace observations, I was struck by the half-decade of bad
behavior [2005-2010]. Consider:
June 2005: I showed InfoSpace placing Google ads into the IBIS Toolbar which, I demonstrated in
multiple screen-capture videos, was arriving on users' computers through security exploits (without
user consent). The packet log revealed that traffic flowed from IBIS directly to InfoSpace's Go2net.com
-- suggesting that InfoSpace had a direct relationship with IBIS and paid IBIS directly, not via any
intermediary.
August 2005: I showed InfoSpace placing ads through notorious spyware vendor Direct Revenue
(covering advertisers' sites with unlabeled popups presenting their own PPC ads). The packet log
revealed that traffic flowed from Direct Revenue directly to InfoSpace -- suggesting that InfoSpace had
a direct relationship with Direct Revenue and paid Direct Revenue directly, not via any intermediary.
August 2005: I showed InfoSpace placing ads through notorious spyware vendor 180solutions/Zango.
The packet log revealed that traffic flowed from 180solutions directly to InfoSpace -- suggesting that
InfoSpace had a direct relationship with 180solutions and paid 180solutions directly, not via any
intermediary.
February 2009: I showed InfoSpace placing Google ads into WhenU popups that covered advertisers'
sites with their own PPC ads.
May 2009: Again, I showed InfoSpace using WhenU to cover advertisers' sites with their own PPC ads,
through partners nearly identical to the February report.
January 2010 (last week): I showed InfoSpace's still placing Google ads into WhenU popups and still
covering advertisers' sites with their own PPC ads.
Blucora/Infospace Offenses Continue Through 2014, Marking a Decade+ of Wrongdoing
As we’ve shown earlier in this report and the appendix, BCOR’s search traffic shenanigans continue
unabated. We would like to highlight Blucora’s recent and current malfeasance tied to Iminent.com.
According to Blucora’s most vocal shareholder (who incidentally was a shareholder of many now-proven
Chinese reverse merger frauds), Iminent.com is one of Blucora’s model customers6:
This Blucora shareholder did not do his due diligence, just as he did not do his due diligence before
purchasing Chinese reverse merger stock frauds7:
It Gets Worse: We have a video and we document the Infospace/Iminent scam in real-time8
1. This video captures the Infospace/Iminent scam in real time.
- Note several instances of misrepresentation, specifically cloaking (i.e. search engines see one thing, and visitors see something else). Pop-ups open without consent.
- Iminent.com is referred to as a virus, browser hijacker, adware, spyware, and more 9.
- The Infospace/Iminent scam resembles the Infospace/WhenU scam Edelman exposed.
- Appears to be in violation of Google’s terms of agreement, and also applicable laws.
The Smoking Gun: Infospace/Iminent Cloaking with Search Ads, in Violation of Google Guidelines
This screen sufficiently shows Infospace cloaking10:
Cloaking is considered a violation of Google’s Webmaster Guidelines11:
Cloaking refers to the practice of presenting different content or URLs to human users and search
engines. Cloaking is considered a violation of Google’s Webmaster Guidelines because it provides our
users with different results than they expected.
Google is Better off without Infospace/Blucora
On Oct 30, 2013, Babylon’s shares declined -62%, as Google walked away from Babylon1:
The shares of the company that got more than 40 percent of its revenue from the collaboration
[with Google], plunged 62 percent, the most since they started trading in Israel. Google told
Babylon it won’t renew the contract ending Nov. 30 following complaints about the Or Yehuda,
Israel-based company’s toolbar, Google’s decision threatens the whole industry, Babylon’s Chief
Executive Officer Alon Carmeli said. “We are the first to experience these events,” he said in a
statement to the exchange. The company is studying the implications and working to adapt to
the new reality, Carmeli said. “This could mean a change in the toolbar model and this is bad for
the industry.
Gotham City Research believes Blucora is worse than Babylon, Google is Better off without BCOR
The following support our beliefs:
- Blucora is worse than Babylon, when it comes to illicit search traffic, as evidenced by the child
porn and pirated content searches and clicks (see earlier sections for more).
- Google prohibits any advertising related to child pornography.
- Blucora’s search results violate guidelines articulated in BCOR/GOOG 2011 amended agreement.
- BCOR has a long (and growing) track record of a variety of wrong-doing.
- Google is economically better off without Blucora.
- Google has more reasons to drop BCOR today than it did in 2010, when Edelman suggested it.
Severing Ties with Blucora would Bolster Google’s Recent Commitment to Combat Child Pornography
2 weeks after Google cut ties with Babylon, it publicly responded to UK Prime Minister David Cameron2:
Leading search engine companies Google and Microsoft have agreed measures to make it harder
to find child abuse images online. As many as 100,000 search terms will now return no results
that find illegal material, and will trigger warnings that child abuse imagery is illegal.
David Cameron has welcomed the move but said it must be delivered or he would bring forward
new legislation. Child protection experts have warned most images are on hidden networks.
In July, Mr Cameron called on Google & Microsoft's Bing - which together account for 95% of
search traffic - to do more to prevent people getting access to illegal images. He said they
needed to ensure that searches which were unambiguously aimed at finding illegal images
should return no results.
But Jim Gamble, former head of the Child Exploitation and Online Protection Centre (Ceop), told
BBC Breakfast he did not think the measures would make any difference with regard to
protecting children from paedophiles. "They don't go on to Google to search for images. They
go on to the dark corners of the internet ...”
Google has a zero-tolerance Policy on Child Pornography & Prohibits any Advertising Related to it
According to Google3:
Google is deeply committed to providing a healthy and trusted online environment for all of our
users, and especially children. While the Internet provides an amazing opportunity for people to
connect with useful information, some online material poses serious risks to children and families,
and some online behavior violates the law and should be eradicated. Child pornography, in
particular, is a horrific and vicious crime. Today, I testified before the House of Representatives
Subcommittee on Oversight and Investigations about Google’s efforts to keep kids safe online.
Among the initiatives that I highlighted:
- Google has a zero-tolerance policy on child pornography. We prohibit any advertising related
to child pornography. When we become aware of child pornography anywhere in our search
engine or on our site, we immediately remove and report it to the appropriate authorities.
- We work closely with law enforcement to help track down child predators, and respond to
hundreds of child safety-related requests per year.
Ads on Search Results Violate Google Requirements per 2011 Amended Agreement
We’ve found at least 2 kinds of direct violations:
- There are more than 3 ads displayed, despite Google allowing for UP TO 3 (footnote 4)
- We see ads displayed in the middle of search results, where only organic results should be
placed (in fact, it seems ads take up more space than organic search results).
Zoomed in (screenshot callouts): 4 ads, instead of 3; ads in middle of search results, in lieu of
more organic results.
- Low quality ads – the ads displayed on the top are nearly identical to those on the bottom
- Ads are repetitive, only take up space
AMENDED AND RESTATED GOOGLE SERVICES AGREEMENT 5
Even if Google and Blucora Renew their Agreement in March 2014, Google Can Walk Away Any Time
Straight from BCOR SEC filings6:
If Google or Yahoo! believe that we or our search distribution partners have failed to meet the
requirements and guidelines or the Search Customer agreements, they may suspend or
terminate our or our distribution partners’ use and distribution of their search products and
services, with or without notice, and in the event of certain violations, may terminate their
agreements with us. We and our distribution partners have limited rights to cure breaches of the
requirements and guidelines.
Failure by us or our search distribution partners to comply with the guidelines promulgated by
Google and Yahoo! may cause that Search Customer to temporarily or permanently suspend the
use of its content or terminate its agreement with us, or may require us to modify or terminate
certain distribution relationships.
Restrictions on our ability, & the ability of our search distribution partners, to distribute, market,
or offer search-related applications, products, and services may impact our financial results.
A significant portion of our Search revenue is dependent on business models that can be
negatively impacted by changes in policies or technology. For example, many of our Search
distribution partners distribute applications, extensions, or toolbars that are monetized through
the search services that we provide. Our Search Customers require that such applications,
extensions, or toolbars, and the distribution of those applications, extensions, or toolbars,
comply with certain guidelines. Our Search Customers can and do modify these guidelines
from time to time, and recent modifications of these guidelines may impact the distribution of
applications, extensions, or toolbars that drive traffic and revenue to our search services. In
addition, our Search Customers’ guidelines have in the past, and may in the future, negatively
affected our ability, and the ability of our search distribution partners, to drive traffic to our
search services through the use of search engine marketing.
Further, certain third parties have introduced, and can be expected to continue to introduce, new
or updated technologies, applications, and policies that may interfere with the ability of users of
search services provided directly by us or by our search distribution partners to access those
services. For example third parties have introduced technologies and applications (including new
and enhanced web browsers) that prevent users from downloading the extensions or toolbars
provided by some of our search partners. Those applications may also have features and policies
that interfere with the functionality of search boxes embedded within extensions and toolbars
and the maintenance of home page and other settings previously selected by users.
Any changes in technologies, applications, and policies that restrict the distribution, marketing,
and offering of search-related applications, extensions, toolbars, products, and services may
impact our operating and financial results.
Google is economically better off without Blucora
The BCOR shareholder describes the economics of BCOR search business7:
- If the above is correct, Google will retain a greater percentage of the $1 described if it severs its
ties with BCOR.
- Given how terrible (in quality) BCOR’s search results are, it’s not clear what BCOR is bringing to
the table to earn 80% of the economics. And this is only on the legitimate searches.
- The above analysis only addresses the upside return, not the downside risks. If UK Prime
Minister David Cameron, or other politicians probe Google and Blucora’s child porn search
results & ads, Google bears a disproportionate amount of the financial & reputational risks.
- If Google does not renew its agreement with Blucora, it eliminates the downside risks, and
captures all of the upside potential.
Google has more reasons to drop BCOR today than it did in 2010, when Edelman suggested it
Professor Benjamin Edelman has publicly recommended (on several occasions) that Google should, “Fire
InfoSpace; there's zero reason for this relationship to continue in light of InfoSpace's repeated failings”.
We’ve documented some of his statements & reasoning earlier in this report. Here is more 8:
The Impropriety of Google's Relationship with InfoSpace
In my view, Google's relationship with InfoSpace is ill-advised for at least three reasons:
First, InfoSpace has a track record of improper placements of Google ads. InfoSpace is implicated
in all three of the placements detailed above -- misplacements that have continued over a
lengthy period despite ample notice and opportunity for correction. Furthermore, I have
personally observed other improper placements by InfoSpace. (Perhaps I'll post more in a further
piece.) Google need not continue to do business with a distributor with such a poor track record.
Second, Google does not need a distributor whose business model entails farming out ad
placements to subdistributors. If InfoSpace's subdistributors seek to distribute Google ads, and to
be paid for doing so, let them apply directly to Google and undergo Google's ordinary quality
control and oversight. Inserting InfoSpace as an additional intermediary serves only to lessen
accountability.
Third, InfoSpace's corporate history undermines any request for lenience or forgiveness. The
Seattle Times chronicles InfoSpace's accounting fraud in a three-part investigative report,
"Dot-Con Job." The Seattle Times byline summarizes their findings: "Investors were cashing out
millions, and faithful investors were left with pennies." Hardly a mark of trustworthiness!
Ties that Blind: “You’re only as good as the company you keep”
The Ties that Blind
By now, we expect readers to wonder how Infospace/Blucora could possibly get away with all the
current and past misdeeds highlighted in this report. Gotham City Research believes the following have
contributed to the company’s misbehavior leading to the present:
- No senior Blucora/Infospace executive has ever faced criminal liability, to date, despite the
many and repeated examples of management and corporate malfeasance throughout its history.
- The current management team (a few key members have been with the company for 5-15
years), has been conditioned to believe it can engage in any risky/improper behavior, and never
face personal liability; only upside.
- Most, if not all, of the misbehavior that we & Professor Edelman describe occurred under
current Management’s watch.
- Nearly all BCOR CEOs have eventually resigned amid some prevailing controversy, at the time.
- Blucora’s distribution partners include some (at best) controversial outfits, as well as some
proven rogue operators. The company does not reveal their identities for a reason.
A Closer look at Management
“There is some good in the worst of us and some evil in the best of us" –Dr. Martin Luther King Jr.
Gotham City Research finds it very concerning that all the search-related violations we documented in
this report, and many of the improprieties Professor Edelman documented between 2005-2010,
happened under the current Chairman, CEO, CFO, and Infospace President’s presence1:
- Eric Emans, a long-time Infospace/Blucora employee, is the Chief Financial Officer. He was the
Chief Accounting Officer prior to being appointed CFO, and worked for Deloitte & Touche
(BCOR’s long-time auditor, up to 2012) before joining Infospace in the early 2000s.
- Michael Glover heads the search segment, and has been with BCOR since 2000.
- William J. Ruckelshaus became the company’s president and CEO in November 2010 after
serving as a board member since May 2007. Ruckelshaus had no prior CEO experience.
- John E. Cunningham, IV has served as director of the company since July 1998 and as the
chairman of the board of directors since January 2011. He also served as lead independent
director from February 2010 through December 2010. He is a member of the Audit Committee.
- Mr. Cunningham’s brother, James S. Cunningham, is an employee of the Company who is
serving as one of the Company’s managers of business development.
Info.com – Distribution Partner of the Past, Present, or Both?
From BCOR 2006 10K2:
Recall from our earlier child pornography section that webcrawler.com’s illicit ads related to the ‘vlad
model’ disappeared recently, only to be replaced by info.com ads for the same illicit terms3:
webcrawler.com advertised the same terms through January:
Info.com and Blucora Appear to Have Some Kind of Relationship4
Blinkx and Blucora – Partners of the Past, Present, or Both?
June 25, 2007 – According to an Infospace press release5: “InfoSpace Partners with blinkx to Offer Video
Search Functionality on Award-Winning Dogpile.com”
January 12, 2010 – According to Professor Edelman’s, “Google Click Fraud Inflates Conversion Rates and
Tricks Advertisers into Overpaying”, AdOn Networks (a subsidiary of blinkx as of 2012) and Infospace
were part of the same scheme6:
November 30, 2010 – “Blinkx hasn’t become a household name like YouTube, in part because the lion’s
share of its business is providing video search services to other companies, such as Ask.com, Real
Networks, and Infospace.” 7
January 28, 2014 – According to Professor Edelman’s, “The Darker Side of Blinkx”: “I show the ex-AdOn
traffic broker still sending invisible, popup, and other tainted traffic.”8
According to Alexa9:
Blinkx and Blucora – Mere Coincidences?10
https://www.linkedin.com/pub/pavel-lyadnov/23/160/70a
Blinkx and Blucora 10 minute drive (<5 miles away from each other) according to google maps11
http://www.yellowpages.com/bellevue-wa/mip/blinkx-460664010
We called the listed phone number, and surely it is Blinkx.
The Controversial Babylon Was/Is a “Strategic Partner” of Blucora12
https://www.linkedin.com/in/shakedtal
Intelius and Blucora – Partners of the Past, Present, or Both?
Founder and former CEO of Infospace.com Naveen Jain (with other former Infospace employees)
founded Intelius13:
After leaving InfoSpace Jain started a new company, Intelius, across the street from his old
offices in Bellevue, Washington. Intelius has been on the receiving end of hundreds of consumer
complaints alleging fraud, many of which are around a partnership the company has with
Adaptive Marketing and a “product” they offer called Privacy Matters Identity. Every time a
customer buys a product at Intelius, they are shown a page telling them “Take our 2008
Consumer Credit Survey and claim $10.00 CASH BACK with Privacy Matters Identity.”
January 1, 2008 – from Intelius S-1 (it never went public)14: “We have established relationships with
leading online portals and directories, including Idearc, InfoSpace, MSN, Yahoo! and
YELLOWPAGES.COM, that market our services on their websites and direct visitors to our websites.”
June 2012 – Infospace changes its name to Blucora, and Intelius changes its name to Inome.15
Last but Not Least, Let’s Not Forget Iminent.com
As we’ve documented earlier in this report, Iminent.com is a deeply troubling, current Blucora partner16:
Non-GAAP is Back
InfoSpace bubble-era accounting highly "complicated": historical background
According to USA Today1:
InfoSpace used complicated accounting methods in an attempt to reach Wall Street's revenue
expectations during the aftermath of the dot-com frenzy, The Seattle Times reported this week.
The deals helped the once high-flying technology company please Wall Street analysts even as its
much-vaunted business was not performing as well as executives had hoped, the newspaper said.
After Naveen Jain was forced out, Jim Voelker took over as CEO, and stopped reporting non-GAAP,
“profits before all the bad stuff”2:
The company's revenues today are solid, Voelker said. By the time he took over, the company
had already stopped the dubious practice of investing in companies in exchange for business.
"There weren't any lazy Susan deals out there," he said.
Voelker ended the company's practice of reporting pro-forma profits, which critics dubbed
"profits before all the bad stuff" and which didn't meet general accounting standards.
Jim Voelker resigned as CEO in 2009, and as Chairman in 2010. BCOR’s post-Voelker accounting and
disclosure practices concern us for the following reasons:
- CEO William Ruckelshaus reintroduced Non-GAAP reporting in 2011. The irregularities between
BCOR’s GAAP and Non-GAAP are troubling.
- Over 50% of cash flows from operating activities are a result of increases in “Accrued expenses
and other current and long-term liabilities”, in the last few quarters.
- Blucora purchased Make The Web Better, a distribution partner (a rare instance whereby BCOR
actually names a partner). We suspect there’s a “lazy susan” element to this transaction.
- Accounting Goodwill seems inflated. Economic goodwill seems quite negative.
- Between 2007 to date, BCOR filed 36 comment and response letters with the SEC (vast majority
post 2011).
- Auditor change – Deloitte to Ernst and Young. Timing is interesting (just around the merger time)
- Audit fee declining $789K to $433K from 2011 to 2012, even as company grew in complexity.
- Former Blinkx staff accountant is now a Blucora staff accountant.
- Less distribution partner disclosure today compared to Voelker’s time.
The Return of Non-GAAP Accounting
As soon as William J. Ruckelshaus became CEO, he re-introduced the previously taboo Non-GAAP
accounting to Blucora. Since then, Non-GAAP net income has consistently exceeded GAAP net income,
and Non-GAAP net income has grown at a faster rate than GAAP net income 3:
Non-GAAP vs. GAAP Net Income (thousands $s)
                              2011       2012   2013 YTD
Non-GAAP Net Income        $28,764    $70,760    $79,599
GAAP Net Income            $21,594    $22,526    $25,533
$ Variance                  $7,170    $48,234    $54,066
Variance as % of GAAP NI     33.2%     214.1%     211.7%
Quality of Cash Flow (not just Earnings) Suspect as Well
~50% of cash flows from operating activities are a result of increases in “Accrued expenses and other
current and long-term liabilities”, in the last few quarters.4
The Curious Case of Make The Web Better: a Lazy Susan Transaction?
Infospace.com in the past5:
However, Jain later renegotiated the deal with his brother to try to dramatically boost
InfoSpace's struggling revenues.
They came up with a plan: InfoSpace would buy an $8 million interest in netgenShopper, which in
turn would send $5 million of it back as payment to InfoSpace for promotional services.
Specifically, InfoSpace agreed to send out e-mails to potential customers and guaranteed an
enormous number of hits on netgenShopper's online ads.
It was the kind of deal that InfoSpace insiders referred to as "buying revenue" or "a lazy
Susan" because the cash the company gave out came right back to it as revenue.
Revenue generated from search traffic on the Make The Web Better site was $3.1 million in 2012, $8.2
million in 2011, and $16.4 million in 20106:
Make The Web Better Revenue (million $s)
                            2010       2011       2012
MTWB Revenue               $16.4       $8.2       $3.1
Search revenue            $214.3     $228.8     $344.8
MTWB Revenue growth                  (50.0%)    (62.2%)
Search revenue growth                  6.8%      50.7%
What happened? How did MTWB revenue decline to zero by 2013 (there is no mention in the 2013
filings), even as total search revenue has doubled in that time? Also it appears Blucora has yet to make
the necessary impairments to earnings (i.e. the balance sheet is inflated).
The http://www.make-the-web-better.com/ website is off-line; impairment seems appropriate:
SEC Correspondence and Comment letters are concerning
There are 36 of them. As shown in the table below, between 2007 to date, BCOR filed 36 comment
letters with the SEC. While the number of exchanges with the SEC does not guarantee an investigation,
the arrogance and disrespect towards the SEC that is evident in BCOR rebuttals may not please them7:
[Table: BCOR's SEC comment letters and correspondence, with columns Type (LETTER or CORRESP),
Company (BLUCORA, INC.) and Received; the received dates shown are 11/04/13, 11/30/12, 04/26/11,
03/20/09 and 09/07/07.]
BCOR Audit Fee Declines -45%
We find the timing of a dramatic reduction in BCOR’s audit fee suspicious given8:
- BCOR changed from its long-time auditor, Deloitte and Touche, to Ernst and Young
- BCOR re-introduced Non-GAAP net income the very same year (something that, perhaps, its old
auditor would not allow)
- BCOR growing acquisition activity and complexity
Distribution Partner Disclosure: Opacity Today vs. Transparency in Voelker’s Day
The Voelker age (when Non-GAAP was banned)9:
versus the reign of CEO Ruckelshaus10:
BCOR Shares Are Worth No more Than $5.00 per Share
BCOR is Misunderstood by its Shareholders
“A Turkey is fed for 1000 days—every day confirms to its statistical department that the human race
cares about its welfare ‘with increased statistical significance’. On the 1001st day, the turkey has a
surprise.” 1
Blucora’s peer, Babylon, can relate to the Turkey and Indymac 2:
Blucora’s business is structurally fragile, built on a foundation of hidden risks. It additionally faces an
array of immediate downside catalysts.
The Known Unknown
Let’s compare Blucora against Babylon:
- Blucora derives 60+% of revenue from Google vs. 40% for Babylon3
- Google decided not to renew its contract with Babylon, after receiving a large number of
complaints. Blucora’s offenses are well documented in this report and elsewhere.
- Blucora’s search traffic has benefited from child porn and pirated content searches, as
documented in this report. Google prohibits advertising related to child pornography.
Even if Google and Blucora Renew their Agreement in March 2014, Google Can Walk Away Any Time
The immediate risk for shareholders is the upcoming March 2014 Google deadline. However, the risk
remains afterwards. BCOR is the Thanksgiving turkey, the March 2014 deadline is Thanksgiving day, and
Google can designate any future day as Thanksgiving day:4
- If Google or Yahoo! believe that we or our search distribution partners have failed to meet the
requirements and guidelines or the Search Customer agreements, they may suspend or
terminate our or our distribution partners’ use and distribution of their search products and
services, with or without notice, and in the event of certain violations, may terminate their
agreements with us.
- We and our distribution partners have limited rights to cure requirement/guideline breaches.
- Failure by us or our search distribution partners to comply with the guidelines promulgated by
Google and Yahoo! may cause that Search Customer to temporarily or permanently suspend the
use of its content or terminate its agreement with us, or may require us to modify or terminate
certain distribution relationships.
The Unknown Unknowns: Shareholders are missing the $400+ million Problem
Blucora’s search revenue growth since 2010 has come at the cost of building hidden risks into the
business, rendering it more fragile today than in 2010 (though it looks stronger to the unsuspecting):
- FTC, DOJ, FBI, IRS, &/or the SEC – If any of these entities investigates BCOR (and we believe they
have plenty of cause to do so), we estimate liability to easily exceed $200 million for BCOR.
- Child Pornography is a Federal Crime, Period – Wall Street and Blucora shareholders fail to
understand how criminal liability works in practice. If a man is caught watching child
pornography, he faces criminal liability, regardless of whether he only spends 10.0%, 1.0%, 0.1%,
or 0.01% of his time watching child pornography.
- Trial Attorney, Class Action – If a capable lawyer were to sue Blucora, on behalf of all the
malware and related victims (the elderly, advertisers, etc), we estimate liability at $200+ million.
- Blucora’s Search Business Banned – If Infospace.com, etc. were to disappear tomorrow, no one
will care, and no one will notice. Given the on-going malfeasance we’ve uncovered, and its
history of committing wrong-doing, a few probes seem well-warranted.
Why we believe Blucora’s shares are worth no more than $5.00/share
- We estimate GAAP earnings will decline to ~$15 million, if revenue from Google declines ~10%.
10% of revenue from Google is ~$36 million, and at a ~40% gross margin, results in a ~$14
million decline in earnings. 2013 TTM net income of $29 million less $14 million = ~$15 million.
- At a 14x P/E multiple, $15 million in earnings gets us to $5.00 per share.
Why we believe Blucora’s shares easily approach <$1.00/share
- BCOR has been burning cash in the last few years, just as it should be hoarding cash (to offset
against the unacceptable search-related risks it has quietly been taking)5
BCOR Has Not Generated Lasting Free Cash Flow (thousands $)
                                2008        2009        2010       2011         2012          YTD
Cash Flow from Operations   ($38,180)    $30,000     $49,906    $25,263      $48,831      $65,388
Cash Flow from Investing    ($12,277)    ($2,435)   ($10,894)   ($2,679)   ($283,142)   ($187,566)
Free Cash Flow              ($50,457)    $27,565     $39,012    $22,584    ($234,311)   ($122,178)
Cumulative Free Cash Flow   ($50,457)   ($22,892)    $16,120    $38,704    ($195,607)   ($317,785)
- Tangible book value is now negative, leaving no downside protection. We believe the company
has material NEGATIVE economic goodwill, due to its shady business practices6
Tangible Book Value has Been Declining Rapidly, Now Negative (thousands $)
                           2008       2009       2010       2011       2012        ytd
Book value             $262,324   $279,835   $301,771   $355,105   $415,450   $483,634
goodwill                $44,123    $44,815    $44,815    $44,815   $230,290   $343,139
Intangibles                  $0       $457     $3,910     $1,315   $132,815   $185,421
Tangible book value    $218,201   $234,563   $253,046   $308,975    $52,345   ($44,926)
- The Company has very few reserves against a disruptive adverse development7
Tangible Net Capital Has Decreased Sharply as Leverage has Increased (thousands $)
                           2008       2009       2010       2011       2012        ytd
Current assets         $210,067   $260,342   $292,434   $321,070   $212,073   $337,726
Current liabilities     $26,225    $40,867    $42,217    $39,196    $50,967    $97,830
Working Capital        $183,842   $219,475   $250,217   $281,874   $161,106   $239,896
Debt                         $0         $0         $0         $0    $82,842   $180,725
Net-net                $183,842   $219,475   $250,217   $281,874    $78,264    $59,171
- TaxAct and Monoprice’s importance is diminished, in our view, because Infospace is large and
important enough to bring the whole house of cards down. That being said, we think TaxAct and
Monoprice provide $1-$2 per share in downside protection. NOLs are of negligible value, given
the risks we’ve identified in this report. NOLs cannot fund fines and restitution.
Appendix A: Blucora and Malware
Accompanying notes to the following table presented in Blucora = Involuntary clicks + Artificial clicks +
Illicit clicks:
BCOR PROPERTY            Weight Factor*   Suspect Traffic**   % of Total Traffic***
webcrawler.com                   62.9%               33.0%                   20.8%
Infospace.com                    15.5%               94.8%                   14.7%
metacrawler.com                  12.6%              100.0%                   12.6%
dogpile.com                       9.0%               33.3%                    3.0%
TOTAL SUSPECT TRAFFIC:                                                       51.0%
*Weight factor - the importance of traffic, relative to BCOR's total traffic, based on rankings.
**Suspect Traffic - Involuntary, artificial, illicit, and otherwise irrelevant traffic.
***% of Total Traffic - each property's % contribution to total traffic. Weighted average of
the Suspect Traffic and the Weight Factor, respectively.
Comments: All BCOR properties have an unusually high % of (A) elderly (B) foreign-based visitors
- Webcrawler.com – Alexa ranks WebCrawler as the 400-500th most trafficked site on the
Internet in the world; it was ~7,000th just two years ago. For starters, this is too good to be true and
does not pass the “sniff test” (when is the last time you heard about webcrawler, outside this
report?). We conservatively estimate that 33% of webcrawler.com is suspect because:
1. Over 90% of webcrawler’s top search terms are unrelated and generic keywords:
Hotmail, youtube, and facebook. This does not prove click fraud, but it is consistent with
documented incidences of click fraud. Google delivers no adwords for these terms.
2. Instead, we find that webcrawler is an aggressive acquirer of child pornography terms (as
shown earlier).
3. Fantastigames.webcrawler.com is a tricky browser hijacker that presents itself as a
legitimate search engine. Most certainly consistent with driving suspect traffic.
4. 80% of webcrawler.com’s visitors originate from outside North America, specifically
over 33% of “visitors” originate from India, Pakistan, Indonesia, Nigeria, and Bangladesh.
India is a well known hot spot for click fraud.
- Infospace.com – css.infospace.com is a proven virus/browser hijacker and 94+% of
infospace.com traffic is directed to it.
- metacrawler.com – metacrawler.com seems defunct, and even redirects traffic to zoo.com,
which has a popularity ranking an order of magnitude less than metacrawler (this makes no
sense). So we assume 100% traffic currently and going forward is suspect.
- dogpile.com – We find the % of suspect traffic similar to webcrawler.com for similar reasons.
What’s Behind Blucora’s Distributed search growth
Defining characteristics of most, if not all Blucora’s branded search engines:
- Classified by experts as malware, spyware, viruses, and/or (best case) “malicious software”.
- Difficult to remove. There are detailed instructions in all above cases, “how to remove”
- Low quality traffic, involuntary traffic
- Preys on the elderly, poor English speakers, and those who are busy / not attentive to detail.
A list of the malware we found associated with Blucora
Recent Blucora and related malware, browser hijackers, and viruses
1. dogpile search removal tool
2. fantastigames.webcrawler.com
3. metacrawler.com virus
4. Iminent.com (customer)
5. Fast Browser Search virus
6. infospace.com virus
7. Gamers Unite Snag Bar (coolchaser.infospace.com)
8. wsdsold.infospace.com/pemonitorhosted/ws/index
9. infospace.com/pemonitorhosted/search/home
10. Css.infospace.com Virus
11. Airzip.inspsearch.com Browser Hijacker
12. i.search.metacrawler.com
Do a simple search for ‘blucora malware’
Documented examples of virus/malware activity
- What is the Fast Browser Search virus (redirect)? The Fast Browser Search virus, also referred to
as the fastbrowsersearch.com redirect, is potential malware developed by Blucora (Infospace)
categorized as a browser hijacker. http://botcrawl.com/how-to-remove-fast-browser-search/
- What is Metacrawler (Metacrawler.com)? Metacrawler Toolbar is a malware add-on/extension
which installs to internet browsers with or without user consent.
http://botcrawl.com/how-to-remove-metacrawler-toolbar-malware-and-infospace-viruses/
- Remove infospace.com virus. How to uninstall search
http://www.rescuemybrowser.com/infospace-com-virus-removal
- How to uninstall (remove) Gamers Unite Snag Bar (coolchaser.infospace.com) see video:
http://www.youtube.com/watch?v=ZgOTxk-TkEQ
Infospace.com is a fraudulent web search engine
“Infospace.com is a fraudulent web search engine which includes two parts named
start.infospace.com and dsclick.infospace.com. Infospace.com, actually, doesn’t work and is
associated with browser hijackers and rootkits such as Google Redirect Virus and ZeroAccess
rootkit.
Browser hijackers and rootkits involve a tracking cookie which helps cybercriminals to change
search results on Google and other major search engines and redirect Internet users to
Infospace.com and other malicious advertisement websites. Browser hijackers and rootkits
linked to Infospace.com also use the tracking cookie in a try to deliver ads and collect PC users’
personal information in order to transmit it to remote cybercriminals. After taking over the
affected web browser, these infections can change your default homepage and search engine.
Infospace.com won’t provide you any reliable and safe search engine services. If you try to
search for a certain keyword on any renowned search engine, eventually, you will get nothing
related to your query because your search results are changed to links unrelated to your query
instantly once you click on some of them, and you get diverted to Infospace.com. You should
configure your browser settings and remove all browser hijackers and rootkits to block irritating
diversions to Infospace.com.”
Source: http://www.enigmasoftware.com/infospacecom-removal/
Simple search of ‘infospace.com’:
Css.infospace.com is a malicious advertising platform
Css.infospace.com is a malicious advertising platform used by several rogue adware and wicked
programs to display pop-up ads and advertisements in different browsers say Firefox, Internet Explorer
and Google Chrome. It enables search from the address bar of the web browser and redirects you to
malicious web pages. It tracks the browsing behavior or Internet activity of the user intelligently and also
collects data and sends them to hackers who misuse them for their own benefit. Once it gets into the
computer system it may load unnecessary useless files to slow-down computers functionality and causes
further serious issues especially related to entrapment and invasion of privacy. It also mess up with the
privacy settings of the browser and steals personal files and information. Css.infospace.com will
compromise your PC resources and disable certain functions due to which you may find issues in running
or executing some of the application of the system. There is no doubt that Css.infospace.com is a
dangerous malware and keeping it on the system will not do anything good for the PC. So, just make an
effective move to remove Css.infospace.com from the PC as soon it is detected.
Is Css.infospace.com Safe for PC & Browser?
No absolutely not, Css.infospace.com is not safe to use at all and it is because of the reason concerning
severe cyber criminal activities, exploitation of privacy and depletion of computer functionality and
performance. Some points that justifies the statement made above are listed below –
It installs in the computer system without user’s permission or consent often with free downloads.
It changes existing browser settings including provided search engines and home pages causing
it to redirect to related malicious websites.
As a tactic against innocent Internet users, it appears alike some legitimate search engine like
Google.com and persuade victims to use illegitimate search engine.
It often mess up with the privacy settings and exploits them to steal personal files or information.
Source: http://www.keepbrowsersafe.com/remove-css-infospace-com-get-rid-of-css-infospace-com-frompc
New fraud (infospace scam) found, software bundle that is distributed on a torrent sites
Posted by Simon Dougal on February 12, 2013
in Malicious activities, Notifications
Hey guys, so we found one new fraud, we found one software bundle that can be found on few
torrent sites: eztv.it and extratorrent.com …
This software bundle is signed with Cool Mirage ltd.
CN = Cool Mirage ltd.
O = Cool Mirage ltd.
STREET = ogarit 39
L = tel aviv
S = tel aviv
PostalCode = 69016
C = IL
This software bundle has few variations that you can see from video we made, installer downloads 3
files:
http://www1.INSTALLSTARTER.com/TornTVApp.exe
http://www1.INSTALLSTARTER.com/newyontoo-c2.exe
http://www1.INSTALLSTARTER.com/IminentSetup645.exe
Also it has offer screen for all of them, on the end you have TornTV application which can be used
to watch copyrighted sport games, Iminent toolbar which also installs Iminent search engine and
homepage. Iminent toolbar sets http://start.iminent.com/ as homepage
and http://start.iminent.com/StartWeb/1033/toolbox as search provider. Finally this bundle also
installs one more product from company named Yontoo LLC.
Source: http://www.youtube.com/watch?v=nVGZca-VO-Y and http://secure-the-internet.org/?p=100
What Is Css.infospace.com Virus?
Css.infospace.com is a bogus search engine that can attack all popular web browsers, like IE, Firefox,
Chrome and Google. Normally, this virus gets inside your PC with spam e-mail attachments, corrupt
websites and freeware installation packages. According to its infection symptoms, Css.infospace.com
has been classified as a kind of browser hijacker virus that should get rid of immediately.
Source: http://getridofallmalware.blogspot.com/2013/08/remove-cssinfospacecom-viruscompletely.html
How popular is infospace.com ?
Alexa Traffic Ranks:
Search Traffic:
What percentage of visits to this site come from a search engine?
Upstream Sites
Which sites did people visit immediately before this site?
Site                         Percent of Unique Visits
1. inspsearch.com            6.4%
2. snapdo.com                6.0%
3. iminent.com               3.2%
4. mysearchresults.com       2.9%
5. govome.com                2.7%
6. globososo.com             1.8%
7. facebook.com              1.5%
8. google.com                1.3%
9. babylon.com               1.3%
10. youtube.com              1.3%
Where do visitors go on infospace.com?
Subdomain                    Percent of Visitors
ccs.infospace.com            94.81%
infospace.com                2.12%
search.infospace.com         0.91%
wsdsold.infospace.com        0.74%
reports.infospace.com        0.65%
utorrent.infospace.com       0.61%
coolchaser.infospace.com     0.54%
gateway.infospace.com        0.16%
eastlink.infospace.com       0.13%
Webcrawler.com related malware
Fantastigames.webcrawler.com is a tricky browser hijacker that presents itself as a legitimate search
engine and sneaks in the computers without the consent of the user. Once installed, the
Fantastigames.webcrawler.com make a number of changes in your browser that includes the home
page, default search engine and desktop background. This malicious application has the ability to
redirect all your browsing efforts towards unknown websites for the commercial purposes. The
Fantastigames.webcrawler.com can infect all the major browsers including the Firefox, Chrome, Explorer,
and Safari. Once it changes the vital settings in your browser, your screen will be flooded with the
annoying pop-up ads to promote the affiliate products. The notorious hackers and cyber criminals use
this virus as a tool to access the computer and reach to the confidential financial information about the
user. By accessing the information like credit card numbers and passwords, these cyber crooks can steal
your money without your knowledge. This dangerous browser hijacker is also known as a resource eater,
and can make your computer extremely slow once enter into the computer. Besides speed, the overall
performance also affected badly because of this infection.
The Manual Removal of Fantastigames.webcrawler.com
Once you confirmed the presence of the Fantastigames.webcrawler.com in your computer, you have
to delete this virus effectively to minimize the loss. This browser hijacker can be removed manually;
however, you must remember that the chances of the success of manual removal process very much
depend on your knowledge of removing such threats before. The instructions for the manual removal
of this infection are detailed below:
Start the System in Safe Mode
In order to open your computer in the safe mode, you have to restart the computer, by pressing the
F8 key repeatedly to access to the boot options menu. Once you are able to see the boot options, you
have to select the safe mode and hit the Enter key.
Kill the Associated Processes
Open the windows task manager by holding the Ctrl+Alt+Delete keys together, and click on the
Processes tab to see the list of the running processes. Your goal is to find and delete the following
processes related to the Fantastigames.webcrawler.com virus:
%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Delete the Associated Files
Access the system files folder and remove the following files that are considered as the associated
data of the Fantastigames.webcrawler.com:
%Desktopdir%\Fantastigames.webcrawler.com.lnk
%Programs%\Fantastigames.webcrawler.com\Fantastigames.webcrawler.com.lnk
Reverse the Modification in the Windows Registry
Click on the start menu, select the Run option, and write “RegEdit” before pressing the Enter key to
open the registry editor. Once the registry editor is accessed, you have to remove the following
malicious entries from the windows registry before closing the registry editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com\UninstallString “%AppData%[RANDOM CHARACTERS][RANDOM CHARACTERS].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com\DisplayName Fantastigames.webcrawler.com
Finally, you have to reboot your computer in the normal mode and see the result of recent changes
you have made. Run a complete the system scan after updating the antivirus program.
Source: http://spywareremovers.com/how-to-remove-fantastigames-webcrawler-com
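A triage check for the persistence entries the guide above lists, as an added example that is not part of the quoted guide or of this report: it parses a reg export text dump offline and reports the Uninstall key and any RunOnce value that launches an executable from a single folder under the roaming AppData directory. The sample export, the user name alice and the name qzxvkt are constructed placeholders, and the path layout assumes Windows Vista or later.

```python
"""Offline triage of a reg export dump for the entries the guide lists (constructed data)."""
import re

# Key paths under HKEY_CURRENT_USER, as listed in the removal guide.
UNINSTALL_KEY = r"Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com"
RUNONCE_KEY = r"Software\Microsoft\Windows\CurrentVersion\RunOnce"

# Constructed export text: user, folder and file names are invented placeholders.
# Real exports are UTF-16, so read them with open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"qzxvkt"="C:\\Users\\alice\\AppData\\Roaming\\qzxvkt\\qzxvkt.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fantastigames.webcrawler.com]
"DisplayName"="Fantastigames.webcrawler.com"
"UninstallString"="\"C:\\Users\\alice\\AppData\\Roaming\\qzxvkt\\qzxvkt.exe\" -u"
'''

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# <profile>\AppData\Roaming\<one folder>\<file>.exe, the expanded form of
# %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe in the guide.
APPDATA_EXE = re.compile(
    r'(?i)^"?[a-z]:\\users\\[^\\]+\\appdata\\roaming\\([^\\]+)\\([^\\"]+\.exe)\b'
)


def unescape(text):
    """Undo .reg string escaping, where backslash and quote are backslash-escaped."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_export(text):
    """Return {key_path: {value_name: string_data}} for the string values in the dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            current = keys.setdefault(section.group("key"), {})
            continue
        value = VALUE.match(line)
        if value and current is not None:
            current[unescape(value.group("name"))] = unescape(value.group("data"))
    return keys


def findings(keys):
    """List (kind, name, data) tuples for entries that match the guide's indicators."""
    out = []
    for key, values in keys.items():
        hive, _, sub = key.partition("\\")
        if hive != "HKEY_CURRENT_USER":
            continue
        if sub.lower() == UNINSTALL_KEY.lower():
            out.append(("uninstall_entry", key, values.get("UninstallString", "")))
        if sub.lower() == RUNONCE_KEY.lower():
            for name, data in values.items():
                if APPDATA_EXE.match(data):
                    out.append(("runonce_appdata_exe", name, data))
    return out


if __name__ == "__main__":
    for finding in findings(parse_export(SAMPLE_EXPORT)):
        print(finding)
```

A RunOnce hit is a lead to inspect, not a verdict, because legitimate per-user installers also run from AppData.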
Something called WebCrawler keeps hijacking my browser. How do I stop it?
So some website called webcrawler.com keeps opening literally half a dozen windows at a time and
directing me to random websites, some of which aren't even in English. I've tried to remove it (since I'm
assuming it's a virus) using MalwareBytes, SuperAntiSpyware, Rkill, Norman Malware Cleaner, AND
Hitman Pro. But it keeps coming back.
So: what do I have to do to get rid of it? Please help, if you have any idea!
Additional Details
Oh. Also, there IS no extra toolbar, and nothing on my list of programs called WebCrawler. So I can't
exactly uninstall it.
Source: http://answers.yahoo.com/question/index?qid=20110815082540AAknHXN
Dogpile.com Redirect Virus
Dogpile.com virus will do much harm to the infected computer:
Dogpile.com virus is a dangerous browser hijacker virus.
Dogpile.com virus changes the web browser settings.
Dogpile.com virus replaces your home page and search engine.
Dogpile.com virus collects and sends your private data for its servers.
Dogpile.com virus may introduce other computer viruses.
Dogpile.com virus slows down your Internet connection.
Source: http://pcvirusesremoval.blogspot.com/2013/10/remove-dogpilecom-redirect-virus.html
Another source, similar opinions:
Source: http://www.go-remove-malware.com/tag/dogpile-search-removal-tool/
And another:
Remove Dogpile.com redirect (Virus Removal Guide)
Dogpile Web Search is a browser hijacker, which is promoted via other free downloads, and once
installed it will change your browser homepage and default search engine to http://dogpile.com/.
The Dogpile.com homepage will display advertisements and sponsored links in your
search results, and may collect search terms from your search queries. The
Dogpile.com hijack is used to boost advertising revenue, as in the use of blackhat SEO,
to inflate a site’s page ranking in search results.
Dogpile.com it’s technically not a virus, but it does exhibit plenty of malicious traits, such
as rootkit capabilities to hook deep into the operating system, browser hijacking, and in
general just interfering with the user experience. The industry generally refers to it as a
“PUP,” or potentially unwanted program.
Dogpile.com is an ad-supported (users may see additional banner, search, pop-up, popunder, interstitial and in-text link advertisements) cross web browser plugin for Internet
Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various
monetization platforms during installation. The browser extension includes various
features that will modify the default or custom settings of the browser including the
home page, search settings and in some cases will modify Internet Explorer’s load time
threshold, place a lock file within Firefox to prevent competing software from changing
its settings as well as disable the browser’s Content Security Policy in order to allow for
cross site scripting of the plugin.
Dogpile.com homepage got on your computer after you have installed a freeware
software (video recording/streaming, download-managers or PDF creators) that had
bundled into their installation this browser hijacker.
For example, when you install VPlay, you will also agree to change your browser
homepage and default search engine to Dogpile.com
However when you uninstall VPlay from your computer, your web browser’s default
settings will not be restored. This means that you’ll have to remove Dogpile.com
homepage from your favorite web browser manually.
Source: http://malwaretips.com/blogs/remove-dogpile-virus/
Search result , while searching for ‘dogpile.com’
Who visits dogpile.com?
Metacrawler.com
Metacrawler Toolbar is a malware add-on/extension which installs to internet browsers with or without
user consent. http://botcrawl.com/how-to-remove-metacrawler-toolbar-malware-and-infospace-viruses/
Who visits metacrawler.com
Appendix B: A Closer Look at Blucora’s 2005-2010 Impropriety
Source: http://www.hbs.edu/faculty/Pages/profile.aspx?facId=417579
Harvard Professor Attacking Google Thrives as Web Sheriff
http://www.bloomberg.com/news/2014-02-14/harvard-professor-attacking-google-thrives-as-web-sheriff.html?utm_campaign=xlike1&utm_country=es&utm_timestamp=20140214101727EST
“He’s the Doogie Howser of online investigative work,” Microsoft’s Richard Boscovich, a former federal
prosecutor, is assistant general counsel at the software company’s digital-crimes unit.
“He’s part academic and part cyber sleuth,” Ken Dreifach, former chief of the Internet bureau of the
New York Attorney General’s Office.
In 2006, after Edelman wrote about Zango, the company agreed to pay $3 million to settle a Federal
Trade Commission complaint that it used unfair and deceptive methods to put advertising software on
consumers’ computers. Blinkx is using Zango’s software, Edelman said in his blog post.
Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying
January 12, 2010
I've repeatedly reported improper placements of Google ads. In most of my write-ups, the impropriety
occurs in ad placement -- Google PPC ads shown in spyware popups (1, 2, 3, 4), in typosquatting sites
(1, 2), or in improperly-installed and/or deceptive toolbars (1, 2). This article is different: Here, the
impropriety includes a fake click -- click fraud -- charging an advertiser for a PPC click, when in fact the
user never actually clicked.
But this is no ordinary click fraud. Here, spyware on a user's PC monitors the user's browsing to
determine the user's likely purchase intent. Then the spyware fakes a click on a Google PPC ad
promoting the exact merchant the user was already visiting. If the user proceeds to make a purchase -- reasonably likely for a user already intentionally requesting the merchant's site -- the merchant will
naturally credit Google for the sale. Furthermore, a standard ad optimization strategy will lead the
merchant to increase its Google PPC bid for this keyword on the reasonable (albeit mistaken) view that
Google is successfully finding new customers. But in fact Google and its partners are merely taking credit
for customers the merchant had already reached by other methods.
In this piece, I show the details of the spyware that tracks user browsing and fakes Google PPC ad clicks,
and I identify the numerous intermediaries that perpetrate these improper charges. I
then criticize Google's decision to continue placing ads through InfoSpace, the traffic broker that
connected Google to this click fraud chain. I consider this practice in light of Google's advice to
advertisers and favored arguments that click fraud problems are small and manageable. Finally,
I propose specific actions Google should take to prevent these scams and to satisfy Google's
obligations to advertisers.
Introducing the Problem: A Reader's Analogy
Reading a prior article on my site, a Register discussion forum participant offered a useful analogy:
Let's say a restaurant decides [it] wants someone to hand out fliers ... so they offer this guy $0.10 a
flier to print some and distribute them.
The guy they hire just stands at the front door and hand the fliers to anyone already walking through
the door.
Restaurant pays lots of money and gains zero customers.
Guy handing out the fliers tells the owner how many fliers were printed and compares that to how
many people bring the fliers into his restaurant.
The owner thinks the fliers are very successful and now offers $0.20 for each one.
It's easy to see how the restaurant owner could be tricked. Such scams are especially easy in online
advertising -- where distance, undisclosed partnerships, and general opacity make it far harder for
advertisers to figure out where and how Google and its partners present advertisers' offers.
Google and Its Partners Covering Advertisers' Sites with Spyware-Delivered Click-Fraud Popups
[Diagram: PPC advertisers (e.g. Finish Line) -> Google -> InfoSpace -> Cheapstuff -> Adfirmative -> dSide Marketing -> Netaxle -> eWoss -> AdOn Network -> Trafficsolar. Money flows along the chain in this direction; viewers flow in the reverse direction.]
The money trail - how funds flow from advertisers to Google to Trafficsolar spyware.
In testing of December 31, 2009, my Automatic Spyware Advertising Tester browsed Finishline.com, a
popular online shoe store, on a virtual computer infected with Trafficsolar spyware (among other
advertising software, all installed through security exploits without user consent). Trafficsolar opened a
full-screen unlabeled popup, which ultimately redirected back to Finish Line via a fake Google PPC click
(i.e., click fraud).
My AutoTester preserved screenshots, video, and packet log of this occurrence. The full sequence of
redirects:
Trafficsolar opens a full-screen popup window loading from urtbk.com, a redirect server for AdOn
Network. (AdOn, of Tempe, Arizona, first caught my eye when it boasted of relationships with
180solutions/Zango and Direct Revenue. NYAG documents later revealed that AdOn distributed more
than 130,000 copies of Direct Revenue spyware. More recently, I've repeatedly reported AdOn
facilitating affiliate fraud, inflating sites' traffic stats, and showing unrequested sexually-explicit images.)
AdOn redirects to eWoss. (eWoss, of Overland Park, Kansas, has appeared in scores of spyware
popups recorded by my testing systems.)
eWoss redirects to Netaxle. (NetAxle, of Prairie Village, Kansas, has also appeared in numerous
popups -- typically, as here, brokering traffic from eWoss.)
Netaxle redirects to dSide Marketing. (dSide Marketing, of Montreal, Canada, says it provides full-service SEO and SEM services.)
dSide Marketing redirects to Adfirmative. (Adfirmative, of Austin, Texas, promises "click-fraud
protected, targeted advertising" and "advanced click-fraud prevention.")
Adfirmative redirects to Cheapstuff. (Cheapstuff fails to provide an address on its web site or in Whois,
though its posted phone number is in Santa Monica, California. Cheapstuff's web site shows a variety
of commercial offers with a large number of advertisements.)
Cheapstuff redirects to InfoSpace. (InfoSpace, of Bellevue, Washington, is discussed further in the
next section.)
InfoSpace redirects to Google, which redirects through DoubleClick and onwards back to Finish
Line -- the same site my tester had been browsing in the first place.
This placement is a bad deal for Finish Line for at least two reasons. First, Google charges Finish Line a
fee to access a user already at Finish Line's site. But that's more of a shake-down than genuine
advertising: an advertiser should not have to pay to reach a user already at its site. Furthermore, Google
styles its advertising as "pay per click", promising advertisers that "You're charged only if someone clicks
your ad." But here, the video and packet log clearly confirm that the Google click link was invoked without
a user even seeing a Google ad link, not to mention clicking it. Advertisers paying high Google prices
deserve high-quality ad placements, not spyware popups and click fraud.
Finally, the popup lacks the labeling specifically required by FTC precedent. Consistent with FTC's
settlement in its Direct Revenue and Zango cases, every spyware/adware popup must be labeled with the
name of the program that caused the popup, along with uninstall instructions. Furthermore, the FTC has
taken an appropriately dim view of advertising software installed on users' computers without user
consent. But every single Trafficsolar installation I've ever seen has arrived on my test computers through
security exploits, without consent. For these reasons, this Trafficsolar-Google popup clearly falls afoul of
applicable FTC requirements.
Critiquing InfoSpace's role
As shown in the prior section and diagram, traffic flows through a remarkable seven intermediaries en
route from Trafficsolar spyware to the victim Google advertiser. Looking at such a lengthy chain, the
problem may seem intractable: How could Google effectively supervise a partner's partner's partner's
partner's partner's partner's partner's partner? That insurmountable challenge is exactly why Google
should never have gone down this path. Instead, Google should place ads only through the companies
with which Google has direct relationships.
In this instance, when traffic finally gets to Google, it comes through a predictable source: InfoSpace. It
was InfoSpace, and InfoSpace alone, that distributed Google ads into the morass of subsyndicators and
redistributors detailed above.
Flipping through my records of prior InfoSpace observations, I was struck by the half-decade of bad
behavior. Consider:
June 2005: I showed InfoSpace placing Google ads into the IBIS Toolbar which, I demonstrated in
multiple screen-capture videos, was arriving on users' computers through security exploits (without
user consent). The packet log revealed that traffic flowed from IBIS directly to InfoSpace's Go2net.com
-- suggesting that InfoSpace had a direct relationship with IBIS and paid IBIS directly, not via any
intermediary.
August 2005: I showed InfoSpace placing ads through notorious spyware vendor Direct Revenue
(covering advertisers' sites with unlabeled popups presenting their own PPC ads). The packet log
revealed that traffic flowed from Direct Revenue directly to InfoSpace -- suggesting that InfoSpace had
a direct relationship with Direct Revenue and paid Direct Revenue directly, not via any intermediary.
August 2005: I showed InfoSpace placing ads through notorious spyware vendor 180solutions/Zango.
The packet log revealed that traffic flowed from 180solutions directly to InfoSpace -- suggesting that
InfoSpace had a direct relationship with 180solutions and paid 180solutions directly, not via any
intermediary.
February 2009: I showed InfoSpace placing Google ads into WhenU popups that covered advertisers'
sites with their own PPC ads.
May 2009: Again, I showed InfoSpace using WhenU to cover advertisers' sites with their own PPC ads,
through partners nearly identical to the February report.
January 2010 (last week): I showed InfoSpace's still placing Google ads into WhenU popups and still
covering advertisers' sites with their own PPC ads.
And those are just placements I happened to write up on my public site! Combine this pattern of behavior
with InfoSpace's well-documented accounting fraud, and InfoSpace hardly appears a sensible partner for
Google and the advertisers who entrust Google to manage their spending.
Nor can InfoSpace defend this placement by claiming Cheapstuff looked like a suitable place to show ads.
The Cheapstuff site features no mailing address or indication of the location of corporate headquarters.
WHOIS lists a "privacy protection" service in lieu of a street address or genuine email address. These
omissions are highly unusual for a legitimate advertising broker. They should have put InfoSpace and
Google on notice that Cheapstuff was up to no good.
This Click Fraud Undercuts Google's Favorite Defense to Click Fraud Complaints
When an advertiser buys a pay-per-click ad and subsequently makes a sale, it's natural to assume that
sale resulted primarily from the PPC vendor's efforts on the advertiser's behalf. But the click fraud detailed
in this article takes advantage of this assumption by faking clicks to target purchases that would have
happened anyway. Then, when advertisers evaluate the PPC traffic they bought, they overvalue this
"conversion inflation" traffic -- leading advertisers to overbid and overpay.
Indeed, advertisers' following Google's own instructions will fall into the overbidding trap. Discussing
"traffic quality" (i.e. click fraud and similar schemes), Google tells advertisers to "track campaign
performance" for "ROI monitoring." That is, when an advertiser sees a Google ad click followed by a sale,
the advertiser is supposed to conclude that ads are working well and delivering value, and that click fraud
is not a problem. Google's detailed "Click Fraud: Anecdotes from the Front Line" features a similar
approach, advising that "ROI is king," again assuming that clicks that precede purchases must be
valuable clicks.
Google's advice reflects an overly optimistic view of click fraud. Google assumes click fraudsters will send
random, untargeted traffic. But click-frauders can monitor user activities to identify the user's likely
future purchases, just as Trafficsolar does in this example. Such a fraudster can fake the right PPC clicks
to get credit for traffic that appears to be legitimate and valuable -- even though in fact the traffic is just as
worthless as other click fraud.
What Google Should Do
Google's best first step remains as in my posting last week: Fire InfoSpace. Google doesn't need
InfoSpace: high-quality partners know to approach Google directly, and Google does not need InfoSpace
to add further subpartners of its own.
Google also needs to pay restitution to affected advertisers. Every time Google charges an advertiser for
a click that comes from InfoSpace, Google relies on InfoSpace's promise that the click was legitimate,
genuine, and lawfully obtained. But there is ample reason to doubt these promises. Google should refund
advertisers for corresponding charges -- for all InfoSpace traffic if Google cannot reliably determine which
InfoSpace traffic is legitimate. These refunds should apply immediately and across-the-board -- not just to
advertisers who know how to complain or who manage to assemble exceptional documentation of the
infraction.
More generally, Google must live up to the responsibility of spending other people's money. Through its
Search Network, Google takes control of advertisers' budgets and decides, unilaterally, where to place
advertisers' ads. (Indeed, for Search Network purchases, Google to this day fails to tell advertisers what
sites show their ads. Nor does Google allow opt-outs on a site-by-site basis -- policies that also ought to
change.) Spending others' money, wisely and responsibly, is a weighty undertaking. Google should
approach this task with significantly greater diligence and care than current partnerships
indicate. Amending its AdWords Terms and Conditions is a necessary step in this process: Not only
should Google do better, but contracts should confirm Google's obligation to offer refunds when Google
falls short.
I'm disappointed by Google's repeated refusal to take the necessary precautions to prevent these scams.
InfoSpace's shortcomings are well-known, longstanding, and abundantly documented. What will it take
to get Google to eject InfoSpace and protect its advertisers' budgets?
Source: http://www.benedelman.org/news/011210-1.html#infospace
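An advertiser-side check for the conversion inflation described in the article above, as an added example that is not Edelman's or this report's own code: it flags paid-click landings from visitors who were already browsing the merchant's site shortly before, then compares the paid conversion rate with and without them. The log format, the visitor ids, the order path, the 120-second window and the use of a gclid click-id parameter are assumptions for illustration.

```python
"""Flag paid-click landings from visitors already on the site (constructed data)."""
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

PAID_PARAM = "gclid"               # assumed click-id parameter marking a PPC landing
ORDER_PATH = "/checkout/complete"  # hypothetical order-confirmation path
WINDOW = timedelta(seconds=120)    # assumed look-back for "already on the site"

# Constructed merchant access log: ISO timestamp, first-party visitor id, request URL.
SAMPLE_LOG = """\
2009-12-31T09:00:00 v6 /kids
2009-12-31T10:00:00 v1 /mens/running
2009-12-31T10:00:20 v1 /?gclid=TEST1
2009-12-31T10:01:00 v2 /?gclid=TEST2
2009-12-31T10:02:00 v3 /?gclid=TEST3
2009-12-31T10:03:00 v4 /womens/sale
2009-12-31T10:03:40 v4 /?gclid=TEST4
2009-12-31T10:04:00 v5 /?gclid=TEST5
2009-12-31T10:05:00 v1 /checkout/complete
2009-12-31T10:08:00 v4 /checkout/complete
2009-12-31T10:10:00 v3 /checkout/complete
2009-12-31T10:30:00 v6 /?gclid=TEST6
"""


def parse_log(text):
    """Return time-ordered (timestamp, visitor, url) tuples."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, visitor, url = line.split(maxsplit=2)
        hits.append((datetime.fromisoformat(ts), visitor, url))
    return sorted(hits)


def is_paid_landing(url):
    """True when the request carries the paid-click identifier."""
    return PAID_PARAM in parse_qs(urlsplit(url).query)


def classify_paid_landings(hits):
    """Label each paid landing 'self_targeted' if the same visitor viewed a
    non-paid page on the site within WINDOW before it, else 'new_reach'."""
    last_organic = {}  # visitor -> time of most recent non-paid page view
    results = []
    for ts, visitor, url in hits:
        if is_paid_landing(url):
            prev = last_organic.get(visitor)
            already_here = prev is not None and ts - prev <= WINDOW
            results.append((ts, visitor, "self_targeted" if already_here else "new_reach"))
        else:
            last_organic[visitor] = ts
    return results


def conversion_report(hits):
    """Compare the paid conversion rate with and without self-targeted landings."""
    first_order = {}  # visitor -> time of first order confirmation
    for ts, visitor, url in hits:
        if urlsplit(url).path == ORDER_PATH:
            first_order.setdefault(visitor, ts)

    def rate(rows):
        bought = sum(1 for ts, v, _ in rows if v in first_order and first_order[v] > ts)
        return bought / len(rows) if rows else 0.0

    landings = classify_paid_landings(hits)
    clean = [row for row in landings if row[2] == "new_reach"]
    return {
        "paid_landings": len(landings),
        "self_targeted": len(landings) - len(clean),
        "raw_rate": rate(landings),      # what naive ROI tracking reports
        "adjusted_rate": rate(clean),    # after setting aside suspect landings
    }


if __name__ == "__main__":
    print(conversion_report(parse_log(SAMPLE_LOG)))
```

A flagged landing is a lead for review rather than proof, since a visitor can legitimately click an ad from another tab while already on the site.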
How Yahoo Funds Spyware
August 31, 2005 - Updated, September 5, 2005
Yahoo's Overture (recently renamed Yahoo Search Marketing) allocates pay-per-click (PPC) ads among
Yahoo's network of advertisers. When users run searches at yahoo.com, Yahoo's advertisers are
assigned placements at the top, right, and bottom of search results. Advertisers pay Yahoo a fee when
users click on their ads.
But Yahoo doesn't just show advertisers' ads on yahoo.com; Yahoo also distributes advertisers' ads to
Yahoo's various syndication partners. Many of these partners are entirely legitimate: For example, most
advertisers will be happy to show their ads to users running searches at washingtonpost.com, where
Yahoo sponsored links complement searches of Post articles.
However, serious concerns arise where Yahoo syndicates advertisers' ads to be shown by advertising
software installed on users' PCs -- software typically known as spyware or adware. In my testing, Yahoo's
funding of spyware is widespread and prevalent -- an important source of revenue for many spyware
programs installed on millions of users' PCs. Were it not for Yahoo's funding of these programs, the
programs would be far less profitable -- and there would be fewer such programs trying to sneak onto
users' PCs.
Yahoo's funding of spyware is not unique. I've recently written about Google's funding of similar bad
actors (1, 2). Earlier this year, FindWhat disclosed related problems, admitting that terminating its dubious
distributors would reduce revenues by at least 5%. But in my hands-on testing of various spyware-infected PCs, I find that I receive Yahoo-syndicated ads more frequently than I receive such ads from any
other single PPC network.
This article proceeds in three parts. First, I show examples of Yahoo ads supporting Claria, eXact
Advertising, Direct Revenue, 180solutions, and various others; I also review the objectionable practices of
each of these vendors. (Numerous additional examples on file.) Second, I review Yahoo's disclosures to
advertisers -- finding that Yahoo has failed to tell advertisers about its controversial syndication partners,
even in general terms. I conclude with recommendations to Yahoo (and other PPC search engines that
allow syndication), as to how to put an end to this mess and avoid such problems in the future.
Claria (Gator / GAIN): SearchScout Popunders of Yahoo Sponsored Links
A Yahoo Overture popunder, delivered by Claria, targeting a
Google search for the same phrase. Shown after activating the popunder.
A Yahoo Overture popunder, delivered by Claria, showing
sponsored results for "computer" when users visit Dell.com. Shown after activating the popunder and right-clicking the ad to
show its destination.
[Diagram: PPC advertisers (i.e. Dell) -- money / viewers -- Yahoo Overture -- money / viewers -- Claria (Gator / GAIN)]
The money trail - how funds flow from advertisers to Yahoo Overture to Claria.
Likely Yahoo's largest single advertising software syndicator, Claria shows Yahoo Overture pay-per-click
ads in popunders triggered by users' web browsing.
Before showing Yahoo ads, Claria software must first become installed on users' computers. Claria's
installation often proceeds without meaningful user consent. For example, Claria often gets installed
through software bundles -- where a user seeks one program but gets Claria too. Historically, Claria's
bundles have featured lengthy license agreements (as long as 5,900+ words and 63 on-screen pages),
broken license formatting (missing line breaks, making section headings hard to find), and substantively
unreasonable terms (including restrictions on how users can remove Claria software). Claria also
promotes its software through banner ads -- including ads on kids sites, claiming to fix computer
clocks or improve computer security, showing a license only after installation has begun and cannot be
cancelled. Some Claria uninstallers don't work -- leading users in circles rather than actually removing
Claria software.
Claria's core business is showing pop-up ads specifically purchased by advertisers. (See my 2003 listings,
including well-known advertisers. See also PC Pitstop listing based on Claria 2003 disclosures.) But
Claria also shows popunders of Yahoo Overture sponsored links. Search for "computer repair" at any
major search engine, and Claria adds a popunder giving Yahoo Overture ads for that same term.
Sponsored link popunders also target specific web sites. Visiting Dell often yields a Claria popunder of
Yahoo Overture ads for "computer."
Claria's provision of Yahoo Overture sponsored links raises clear questions of business benefit for
affected advertisers. In the second screenshot at right, the user was already at the Dell.com site. (Indeed,
Dell might have just paid several dollars to reach that user, via a pay-per-click ad at Yahoo, Google, or
elsewhere.) Claria's popunder risks drawing the user's attention away from Dell -- but if the user then
clicks on the prominent Dell ad in Claria's Overture listing, Dell has to pay again for the same user who
was already at the Dell site. Why pay Yahoo and Claria to get the user back, when it was they who took
the user from Dell in the first place?
Claria's provision of Yahoo Overture sponsored links also presents ethical concerns. Many advertisers
dislike Claria's practices -- including its aggressive methods of becoming installed on users' PCs, its
serious effects on privacy, and its harm to computer performance. Indeed, when I previously revealed that,
through another channel, Dell was advertising with Claria in mid 2004, Dell staff sought to distance Dell
from Claria, commenting "[T]oday we do not do business with anyone like Claria." But despite Dell's
stated dislike of Claria, Dell does help fund Claria when Dell purchases pay-per-click ads from Yahoo:
Payment flows from Dell to Yahoo to Claria, as shown in the diagram at right. Same for thousands of
other Yahoo Overture advertisers.
In the future, Claria purports to plan to shut down its popup business. That's a move I applaud -- it's been
a bad business from the start. But at present Claria still serves lots of popups -- including Yahoo Overture
popunders as frequently as every few minutes. These ads are big money: Claria's 2003 SEC
S1 discloses receiving $31 million from Yahoo in 2003 alone -- despite a relationship only in place for 9
months of that year. Annualizing the payment and taking account of the dramatic increase in pay-per-click
fees, Yahoo might now be paying Claria $50 million or more per year. (It's hard to know for sure because
Claria hasn't filed more recent financial disclosures, and Yahoo doesn't include this level of detail in its
financial reports.)
eXact Advertising - Popups and Sidebars of Yahoo Sponsored Links
A Yahoo Overture auto-opening sidebar, delivered by eXact
Advertising, targeting Google search results.
[Diagram: PPC advertisers -- money / viewers -- Yahoo Overture -- money / viewers -- eXact Advertising]
The money trail - how funds flow from advertisers to Yahoo Overture to eXact Advertising.
Claria claims to always install with consent -- however tricky or ill-gotten, per my testing and
documentation. But other Yahoo Overture syndicators can't even make this claim. On dozens of
occasions, I have observed and recorded software from eXact Advertising installed through security holes,
with no notice or consent. (Some examples: 1, 2.) I've also seen eXact installed by tricky popups claiming
to be required to view sexually-explicit videos, and by unrequested popups claiming to offer "browser
enhancements." Others have reported eXact bundled by P2P-distributed videos purporting to offer child
pornography, and even by instant messenger worms. In short, when a user has software from eXact, the
user is unlikely to have granted meaningful informed consent to the installation, and the user may not
have granted any consent at all. Reporters tell me that eXact claims to have fixed these problems, but
that's just not true: I've received nonconsensual installations of eXact software this very week. Videos on
file.
Despite its poor installation practices, eXact receives Overture sponsored links, shows these
advertisements to users, and presumably is paid by Yahoo for doing so.
See screenshot at right, showing an eXact auto-opening sidebar that appeared as I ran a search at
Google. The sidebar shows Yahoo Overture links, and clicking a link sends users to Overture and on to
the advertiser (without passing through any other search intermediary). Notice the Overture reference in
the browser status bar as I hold my mouse over a sponsored link.
To typical users, the eXact-delivered Yahoo Overture sidebar appears to be an integrated part of search
results -- presumably delivered by Google (or whatever other search engine the user had requested).
Notice the absence of any distinctive branding, logo, disclosure, or other identification that the sidebar
comes from eXact and Overture. To find such a disclosure, a user must scroll to the bottom of the sidebar.
Even there, the disclosure is truncated and hard to read. Screenshot.
eXact's BullsEye service also shows sponsored link listings in freestanding windows. Here too, results are
obtained from Yahoo Overture. Screenshot.
Direct Revenue - Popups and Popunders of Yahoo Sponsored Links
A Yahoo Overture popunder, delivered by Direct Revenue,
targeting Dell. Shown after activating the popunder.
[Diagram: PPC advertisers (i.e. Dell) -- money / viewers -- Yahoo Overture -- money / viewers -- InfoSpace -- money / viewers -- Direct Revenue]
The money trail - how funds flow from advertisers to Yahoo Overture to Direct Revenue.
Direct Revenue installations are at least as poor as eXact. I have numerous videos on file showing DR
installed without consent (one such video on my public site). DR also uses various other tricky methods to
get installed -- like tricky popups, bundles, etc. But DR is perhaps worse than other advertising software
in its unusual difficulty of removal (requiring downloading a special uninstaller from DR's web site). DR is
also unusual in its ability to disable and delete other software on a user's PC.
Despite these troubling practices, DR also shows Yahoo Overture ads. See e.g. the example ad at right.
The searchblazer results appeared when I browsed to Dell.com. Notice Direct Revenue's "Aurora"
branding in the upper-left corner and title bar. Although the ad's body lacks any Direct Revenue branding
or logo, the ad was loaded from the search.offeroptimizer.com server, a server under DR's control.
(Offeroptimizer.com is a well-known DR domain.) Furthermore, clicking on a sponsored link within the ad
caused traffic that first passed through search.offeroptimizer.com en route to Overture. In short, this ad is
not a rogue advertiser buying traffic from Direct Revenue. Rather, these sponsored links were specifically
placed by Direct Revenue itself.
When I clicked on the first sponsored link shown at right, traffic flowed as listed below. See also full
packet log.
http://xadsj.offeroptimizer.com/c/click.php?c=48685&s=5261&...
http://msxml.infospace.com/_1_B2HUEF099WI63__dirrev.feed.pu1/...
http://www10.overture.com/d/sr/?xargs=...
http://landingstrip.dell.com/landingstrip/ls.asp?CID=8278&LID=230157&...
As indicated in the diagram at right and in the traffic flow above, Yahoo Overture syndicates its ads to
InfoSpace, and InfoSpace in turn syndicates these ads to Direct Revenue. This series of relationships
makes it particularly hard for Yahoo Overture to know where its advertisers' ads will appear: Yahoo must
count on InfoSpace to assure the quality, ethics, and compliance of InfoSpace's partners.
This is not the first instance of InfoSpace partners with questionable practices. In June
I documented Google ads syndicated to the IBIS Toolbar (also known to become installed without
consent). Like Overture ads passing through InfoSpace en route to Direct Revenue, these Google ads
were passed from Google to InfoSpace to IBIS.
As in the Claria examples above, Direct Revenue syndications of Yahoo Overture ads often ask
advertisers to pay for visitors already at their sites. In the example above, Dell was targeted by a list of
sponsored links that places Dell in both of the top two positions. If a user clicks on one of these links, Dell
pays Yahoo (and ultimately Direct Revenue) for a user who was already at the Dell site. Screenshot.
180solutions - Popups of Yahoo Sponsored Links
A Yahoo Overture popup delivered by 180solutions.
[Diagram: PPC advertisers (i.e. Driverloans) -- money / viewers -- Yahoo Overture -- money / viewers -- InfoSpace -- money / viewers -- 180solutions]
The money trail - how funds flow from advertisers to Yahoo Overture to 180solutions.
When I first posted this piece, I included no mention of 180solutions. My rationale: They've been involved
in so many widely-publicized spyware scandals -- from installing without consent, to installing with
euphemisms (but no EULA) at kids sites, to installing at child porn sites -- that undisclosed syndication of
Yahoo Overture ads seemed like the least of their problems. Perhaps that's right. But multiple readers
asked me whether 180 wasn't involved also, and why 180 wasn't included in my write-up. So make no
mistake about it: 180 shows Yahoo Overture ads too.
The screenshot at right shows a popup of Yahoo Overture ads delivered by 180solutions. In testing, I
click on the ad, and traffic flows to InfoSpace, then to Overture, then to the advertiser. See traffic log
below, and full packet log. See also a video of this click, showing the cookies created as a result of the
click.
http://searchresults.180searchassistant.com/clicks.php?p==...
http://msxml.infospace.com/_1_YWCU9J03JUL8FV__180sol.feed/...
http://www10.overture.com/d/sr/?xargs=...
http://www.driverloans.com/app/2p1a?x=seoyahoo:value
Other Advertising Software Installed Improperly - Showing Yahoo Sponsored Links
Yahoo Overture ads in an auto-opening sidebar delivered by
Sidefind, showing Dell sponsored links in response to type-in requests for the Dell.com site.
[Diagram: PPC advertisers (i.e. Dell) -- money / viewers -- Yahoo Overture -- money / viewers -- 81.201.104.136 -- money / viewers -- trafficengine.net -- money / viewers -- SideFind]
The money trail - how funds flow from advertisers to Yahoo Overture to SideFind.
Claria, eXact Advertising, Direct Revenue, and 180solutions are all relatively well-known programs -- each installed on millions (or tens of millions) of PCs, and each backed by major investors. But Yahoo
also helps to fund vendors who are far less well-known.
Earlier this summer, in the course of documenting Google funding IBIS, I also prepared detailed proof
showing how Yahoo ads get syndicated to IBIS too. Video and packet logs on file.
Just this past week, I happened to test a computer infected with a variety of unwanted software (a few
disclosed in license agreements; most not). I observed that traffic was sent to Yahoo from both
"Slotchbar" (an unrequested toolbar added to my test PC's browser without my consent) and "SideFind"
(an auto-opening browser sidebar, also installed without consent). I have video and packet logs on file,
showing these nonconsensual installations as well as their syndication of PPC advertisements from
Yahoo Overture. The screenshot at right shows the auto-activating SideFind sidebar, targeting a type-in
request for Dell with various sponsored links, largely pointing back to Dell.
These are just a few of the additional examples I have observed and recorded.
In some instances, Yahoo's dealings with these smaller spyware vendors entail traffic passing
through multiple levels of intermediaries. For example, when SideFind sends traffic to Yahoo Overture,
the traffic passes through trafficengine.net and then through an unnamed server at IP address
81.201.104.136 (reportedly operated by Copernic/Inktomi) before reaching Overture. See diagram at right,
traffic log below, and full packet log.
http://www.sidefind.com/ist/scripts/log_clicks.php?account_id=...
http://feeds.trafficengine.net/click.ashx?key=computers...
http://81.201.104.136/fast-cgi/bsc?context=redir...
http://www6.overture.com/d/sr/?xargs=...
http://landingstrip.dell.com/landingstrip/ls.asp?CID=8278...
In principle, these many levels of intermediation might make it especially hard for Yahoo to know where
traffic begins. However, Yahoo ultimately has a direct relationship with some final source who sends the
traffic to Yahoo. (In this example, Yahoo has a direct relationship with the operators of the
81.201.104.136 server.) So Yahoo can require that that final source take steps to keep Yahoo's ads out of
spyware. Furthermore, syndicated traffic often includes a HTTP Referer header that gives the name of
the originating site. For example, in the Sidefind packet log, Yahoo's servers receive a HTTP Referer
header bearing the domain name sidefind.com, making it easy for Overture to see where traffic began.
With its servers specifically receiving the name and URL of the traffic's source, Yahoo cannot claim not to
know where its ads are being shown.
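The chains and the Referer point above lend themselves to an automated audit on the ad network's side. The following is an added example, not code from the article or from any party it names: the `DENYLIST` policy, the function names, and the Referer and visited-page values in the usage section are assumptions constructed for illustration, while the click URLs are the ones quoted in the traffic logs, truncation included.

```python
import ipaddress
from urllib.parse import urlsplit

AD_NETWORK = "overture.com"

# Click chains exactly as quoted in the article's traffic logs ("..." kept).
CHAINS = {
    "Direct Revenue": [
        "http://xadsj.offeroptimizer.com/c/click.php?c=48685&s=5261&...",
        "http://msxml.infospace.com/_1_B2HUEF099WI63__dirrev.feed.pu1/...",
        "http://www10.overture.com/d/sr/?xargs=...",
        "http://landingstrip.dell.com/landingstrip/ls.asp?CID=8278&LID=230157&...",
    ],
    "180solutions": [
        "http://searchresults.180searchassistant.com/clicks.php?p==...",
        "http://msxml.infospace.com/_1_YWCU9J03JUL8FV__180sol.feed/...",
        "http://www10.overture.com/d/sr/?xargs=...",
        "http://www.driverloans.com/app/2p1a?x=seoyahoo:value",
    ],
    "SideFind": [
        "http://www.sidefind.com/ist/scripts/log_clicks.php?account_id=...",
        "http://feeds.trafficengine.net/click.ashx?key=computers...",
        "http://81.201.104.136/fast-cgi/bsc?context=redir...",
        "http://www6.overture.com/d/sr/?xargs=...",
        "http://landingstrip.dell.com/landingstrip/ls.asp?CID=8278...",
    ],
}

# Assumed policy list: click-server domains the article ties to advertising software.
DENYLIST = {"offeroptimizer.com", "180searchassistant.com", "sidefind.com"}


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site(url):
    """Reduce a URL to an IP literal or its last two DNS labels.

    Assumption: two labels are enough for the hosts seen here; production
    code should consult the Public Suffix List instead.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host if is_ip(host) else ".".join(host.split(".")[-2:])


def trace(chain, ad_network=AD_NETWORK):
    """Split a click chain into origin, intermediaries and advertiser."""
    sites = [site(u) for u in chain]
    if ad_network not in sites:
        raise ValueError("chain never reaches the ad network")
    i = sites.index(ad_network)
    return {
        "origin": sites[0] if i > 0 else None,  # None: click came in directly
        "intermediaries": sites[1:i],           # hops between origin and network
        "advertiser": sites[-1] if i < len(sites) - 1 else None,
    }


def audit(chain, referer=None, visited=None, denylist=DENYLIST):
    """Return policy findings for one click as seen by the ad network."""
    t = trace(chain)
    findings = []
    if t["origin"] in denylist:
        findings.append("origin-denylisted:" + t["origin"])
    for hop in t["intermediaries"]:
        kind = "unnamed-ip-intermediary:" if is_ip(hop) else "sub-syndicator:"
        findings.append(kind + hop)
    if referer is None:
        findings.append("referer-missing")
    elif site(referer) in denylist:
        findings.append("referer-denylisted:" + site(referer))
    # The advertiser is billed for a visitor who was already on its own site.
    if visited and t["advertiser"] and site(visited) == t["advertiser"]:
        findings.append("advertiser-pays-for-own-visitor:" + t["advertiser"])
    return findings


if __name__ == "__main__":
    # Referer and visited-page values below are constructed sample inputs.
    for name, chain in CHAINS.items():
        ref = "http://www.sidefind.com/" if name == "SideFind" else None
        seen = None if name == "180solutions" else "http://www.dell.com/"
        print(name, trace(chain), audit(chain, referer=ref, visited=seen))
```

A `referer-missing` finding is not proof of abuse on its own, since the header can be absent for benign reasons; it marks clicks where the network must rely on the chain and on its direct partner instead.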
Yahoo's Failure to Disclose
If Yahoo's advertisers were fairly advised of Yahoo's plan to syndicate their ads to spyware programs,
Yahoo might claim to be acting solely as their agent; perhaps advertisers want to buy advertising from
Claria, eXact, DR, 180, and other such vendors. But in fact Yahoo fails to tell advertisers what will occur -- so Yahoo's syndication of advertisers' ads cannot be claimed to occur with advertisers' authorization.
Yahoo's marketing materials are silent on the risk of spyware syndication, even where Yahoo's
syndication relationships are large and longstanding (i.e. Claria). Within Yahoo's marketing materials to
solicit new advertisers, Yahoo's "Publisher Network" page mentions various syndicators of Yahoo ads,
but Yahoo fails to mention even a single "adware"-type program. Yahoo's formal Advertiser Terms and
Conditions doesn't mention adware either, and this document discloses advertisement syndication only to
say that Yahoo syndicates ads to "various third parties who may be authorized by Overture to make the
Sponsored Listings Marketplace Results available as a link from, an add-on service to, or otherwise in
connection with Third Party Products." Yahoo defines these third-party products broadly, as "Web sites,
content, applications and/or e-mails." "Applications" alludes to spyware -- but makes no mention of the
specific nature of these applications, nor of the likelihood that these applications install by security
exploits, trickery, or taking advantage of users' naivete.
Only at Yahoo's privacy page does Yahoo make specific mention of any of its advertising software
syndicators. Even there, Yahoo mentions only Claria, and Yahoo calls Claria an "ad network" -- without
mention of its adware, its software download, and its substantial privacy consequences. Furthermore,
Yahoo's privacy page states only that Yahoo has a "relationship" with Claria -- but says nothing about the
nature or scope of that relationship, i.e. that Claria shows Yahoo Overture ads. In any event, advertisers
are unlikely to look to a page about consumer privacy in order to learn where their ads will be shown.
Given the perceived importance and value of Yahoo's pay-per-click advertising network, some advertisers
might choose to advertise with Yahoo despite the blemish of Yahoo's dealings with spyware companies.
Others might decide not to advertise with Yahoo at all, if advertising with Yahoo necessarily entails
supporting spyware. But where Yahoo fails to disclose these relationships, advertisers are denied this
choice.
What Yahoo Should Do
In my view, Yahoo -- and other PPC networks facing similar problems -- should begin by developing and
distributing clear rules for who may syndicate their ads. Last year a Yahoo spokesperson told eWeek that
"Overture screens its distribution partners to make sure they gain user permission before downloading
software." "Permission" may sound clear-cut, but in practice it's a surprisingly imprecise concept. What
about "permission" obtained under false pretenses -- like promising to fix a user's clock or to improve
security, but actually adding advertising software? What about "permission" obtained from a user at a kids
site? What about syndicators that buy traffic from advertising software installed without consent, but that
don't make such software of their own? PPC networks need rules that speak to these situations -- presumably forbidding all these methods of trickery and deception.
After clarifying their stance on spyware syndicating their ads, PPC networks need to redouble their efforts
at enforcement. Tellingly, even Yahoo's "permission" standard is violated by the frequent nonconsensual
installations of Direct Revenue and eXact Advertising (links above). Nonconsensual installations of these
programs are well known to those who test and study spyware, and they're frequently reported at
spyware news sites like Spyware Warrior. PPC network staff need to become familiar with these basic
industry sources and testing methods, and they need to enforce their rules accordingly.
At present, Yahoo has many PPC syndicators -- apparently hundreds or thousands. (Yahoo does not
disclose all its syndicators.) Finding all rogue syndicators may prove hard, especially if Yahoo's
syndicators have further partners of their own (as in the Direct Revenue / InfoSpace and SideFind
examples, above). In this article, I've focused on a few large and well-known syndicators who rely on
software installed on millions of PCs, but smaller players are often harder to find and identify.
Nonetheless, I've found dozens of rogue PPC syndicators using only a single off-the-shelf PC in my lab.
(See above.) With all their resources, big PPC networks (like Yahoo) can surely do far better.
Enforcement also needs to include real penalties for those who break the rules. Merely ejecting a rogue
syndicator does not deter future violations: Others see that they can make money from PPC syndication
through spyware, anticipating only a slap on the wrist when these practices are discovered. A better
enforcement strategy would seek to recapture fees previously paid to rogue syndicators -- then refund
advertisers for ads shown improperly. If a PPC network adopted this strategy and sued its rogue
syndicators where necessary, other rogues would be less anxious to follow.
Beyond advertiser backlash and consumer demand, PPC networks face regulatory pressure to avoid
supporting spyware through PPC syndication. For example, in the course of their investigation of Intermix,
staff of the New York Attorney General revealed that Yahoo contributed 10% of Intermix's revenue. NYAG
staff say they're "not ruling out" litigation against Yahoo for funding Intermix. More recently, rumors
indicate a possible NYAG investigation of Direct Revenue. Given Yahoo's past support for Intermix, I
wonder how NYAG will react to seeing Yahoo funding Direct Revenue too.
If a PPC network can't or won't eliminate rogue syndicators, it could at least grant advertisers the ability to
opt out of particular unwanted syndications. Others have offered this suggestion on various occasions
(e.g. Kraft seeking to avoid syndicating its ads to white supremacy groups), as to both Yahoo Overture
and Google. Affiliate networks all offer this level of granularity -- letting each affiliate merchant decide
what affiliates may earn fees for promoting it. But to my knowledge, no major PPC search engine offers
this level of advertiser control.
Ultimately, PPC syndication offers savvy PPC networks a valuable opportunity -- a chance to lead
industry efforts to stop the spread of unwanted advertising software. Earlier this week,
Azoogle launched its new "MPORT" network with the promise of keeping the network entirely adware-free.
With a bit of effort and a renewed commitment to stopping spyware, Yahoo could bring MPORT's no-adware benefit to Overture advertisers too.
Source: http://www.benedelman.org/news/083105-1.html