Who's seeding the Net with spyware?

PC World - It's tough enough sometimes to figure out where you picked up that spyware, but have you ever wondered who planted that digital parasite?

It was likely a young man, maybe a college student, just making a few bucks spreading pop-up ads that contain unwelcome packages. And it's a growing cottage industry.

How it works

Spyware follows your Internet surfing habits and serves up advertisements. You typically pick up spyware by clicking on links, which may not make it clear that you're downloading a "bonus" program when you read an ad or download a program you want.

The Federal Trade Commission defines spyware as "software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer's consent, or asserts control over a computer without the consumer's knowledge." The federal government and several states are considering antispyware laws, and Utah recently enacted one.

The FTC and industry leaders have urged the U.S. Congress to resist spyware legislation, instead pushing for the industry to adopt self-regulatory practices. They fear that proposed laws define the practice too vaguely and would prohibit other marketing practices that benefit consumers. But some lawmakers worry that the high-tech industry won't regulate spyware aggressively enough to protect consumers.

Meanwhile, computer users continue to face the side effects of spyware on their systems: bogged-down Internet connections, identity theft, lost documents, system problems and potential loss of privacy.

Who's behind it

The people distributing the links for spyware downloads are paid about 15 cents every time an unsuspecting surfer clicks on their misleading bait.

"Friends signed me up one night, after we'd been drinking," says one twentysomething man, who plants spyware for pay. "They said it was an easy way to make some money."

"All I had to do was sign up and post fake ads, saying things like, 'To see my picture, click here.' Then when they clicked, it told them they had to download software to see the pictures."

But the user downloaded no pictures; instead, they got the greeting, "Come back later to see my photo." The ad is bogus, but the contamination of the computer is real.

He says open forums and other unregulated sites are the best places to post ads, because large numbers of people are likely to click on the phony links.

"You have to move around," he says, noting that if users complain, he will be kicked off a site, or a section of a site. For example, he