Blue-chip companies are sponsoring more than TV shows and golf tournaments to promote their products: They are inadvertently underwriting computer spyware too.
Larry Ingram found that out last month after spyware infested computers owned by Minnesota's Hennepin County. The uninvited software spewed ads for such companies as car maker Mercedes-Benz and online travel agency Travelocity.com.
Ingram, who oversees security for the county's 11,000 computers, said those companies might have relied -- perhaps unknowingly -- on unscrupulous advertising middlemen.
But the software that invaded Hennepin County penetrated more than 500 other workplaces. Those spyware ads hint at how much of the cyber-world's latest plague is financed in part by well-known companies.
Cash from blue-chip companies "drives much of the spyware polluting the Internet today," said Joe Stewart, a Lurhq Corp. security researcher who traced the attack back to the underlying ads.
Spyware -- a term encompassing both ad-supported programs that users don't want and more-virulent software that steals financial information -- is the leading complaint of computer owners. It often sneaks into computers when users download a piece of more desirable software, such as a screensaver or file-trading program. Once there, the software typically shows pop-up ads until a user can figure out how to uninstall it -- rarely an easy task.
A number of federal bills aim to restrict the worst practices of the scourge, which is increasingly cited as the greatest threat to the growth of electronic commerce. Yet deliberately or not, money for spyware comes from the coffers of Fortune 500 companies.
"We're funding the business models because we don't know any better," said Clinton Schmidt, the director of online marketing at 1-800 Contacts Inc., a publicly traded Sandy, Utah-based company that bills itself as the world's largest contact-lens store.
Mercedes-Benz USA and Travelocity said their pitches were placed in violation of company policies.
"We would not authorize anything installed in such a manner," said Mercedes Internet marketing manager Lisa Cooper. She said the company had been testing a new ad network and hoped that the spyware appearance wouldn't be repeated.
Travelocity spokesman Joel Frey said his company didn't know about the incident until contacted by The Times.
