LinksAdor

This is a contextual adware application which displays a web site (the ad) based on the web site the end user is currently viewing. The trigger for the ad display can be based on a URL or keywords from the viewed web page.

On multiple installations from the LinksAdor web site, we found:

• A EULA for the installation of LinksAdor was inconsistently presented to the end user. There were some instances for the LinksAdor software being installed without notification to the end user. FTC guidelines dictate the end user must consent to the installation of software on their computer.
• The LinksAdor application was bundled with free software, such as a screen saver. With at least one installation, our "free" screensaver was a demo version, which was not properly disclosed.
• Other adware applications were also installed with the bundle.

When the end user arrives to a web page matching triggering criteria for an ad display, we observed two general behaviors by the LinksAdor software:

• A new browser window is opened via a new tab displaying the ad. The new tab is displayed in foreground.
• The browser window currenly in use is "hijacked" with the ad URL replacing the URL the end user had been attempting to access.
• New tab displays occurred more frequently than browser hijacks.
• Ad displays were not labeled as originating from the LinksAdor software. FTC guidelines dictate that ads displayed by adware should be labeled to accurately reflect their origin.

We did not find any type of trigger list for ad displays to be downloaded locally onto the end user's computer. Rather the LinksAdor software sends out calls to their servers transmitting the URL being viewed by end user for determination of an ad display. This type of monitoring of end user surfing behavior is generally considered either tracking software or spyware by security companies, particularly if the end user is not properly informed in the EULA and/or Privacy Statement connected with the software. 

We observed two primary revenue sources for the LinksAdor adware:

• Affiliate links belonging to LinksAdor. We have found multiple affiliate accounts on various web sites owned by LinksAdor.
• Displays of ads purchased by advertisers on a CPV/PPV model. These ad buys can be by other affiliates and we have documented such instances. Merchants may also engage in these ad buys directly. In other instances, the ad buys may display PPCSE listings.
• While we note that LinksAdor runs their own contextual ad network, we have not observed any ads originating from their own ad network at this time. At the time of this report, the LinksAdor network is relatively new.
• We have documented LinksAdor acting as a publisher of other contextual ad networks displaying ad inventory from other contextual adware networks, such as DirectCPV.

Instances where the ad display originated from LinksAdor's own affiliate account result in a forced click (automated click) of their affiliate link. This was observed for the web site of merchants the end user was already attempting to access as well on the web site of competing merchants.

In cases where the browser window was hijacked, the intended viewed web site by the end user lost traffic to their site.