ContextPlus, an adware company implicated in a large number of stealth rootkit infections, has stopped distributing its software, citing concerns over the practices of some distribution partners.
In a brief note posted on its home page, ContextPlus said it is "no longer able to ensure the highest standards of quality and customer care" and will stop further distribution of the "one-to-one desktop marketing" software.
The ContextPlus shutdown comes on the heels of several major lawsuits against adware vendors and a class-action lawsuit that accuses Yahoo of partnering with spyware purveyors to perpetrate syndication fraud against online advertisers.
Even as ContextPlus is placing the blame for the shutdown on software distribution partners, a law enforcement source following the company's operations said there are several high-level investigations into the use of rootkits to hide the existence of spyware programs on infected machines.
"This is one of the most notorious companies out there. They're doing all kinds of nasty things on [hijacked] machines," said the source, who requested anonymity because on the ongoing nature of the investigations.
Not much is publicly known about the operations. Several domains associated with ContextPlus are registered anonymously or by registrants in France and Poland, and several attempts by eWEEK to contact the company has been unsuccessful.
What is well known, according to Finnish anti-virus vendor F-Secure, is that ContextPlus is the company behind the high rate of Windows rootkit infections.
Two programs distributed by ContextPlusApropos and PeopleOnPageemploy what are described as "very advanced rootkit technologies" to evade anti-virus and anti-spyware scanners.
Apropos is a spyware program that collects users' browsing habits and system information and reports back to the ContextPlus servers.
Like the typical spyware application, Apropos uses the data to serve targeted pop-up advertisements while the user is surfing the Web.