There was probably a time in your life where you
felt really special, where you felt like just the luckiest person in the entire world. What were the
odds that this would happen to you? In that moment in time, you were exactly where you needed to
be. But then the more cynical part of you starts creeping at the back of your mind. “If it sounds
too good to be true, then it probably is.” Maybe you aren’t actually the 1,000,000th visitor, and
perhaps you should get out before its too late. The rapid growth of the internet in the 2000s
naturally led to the growth of internet scams, which was facilitated even further by the
continuous advancement of online technology. And just like that, people across the world
visiting a variety of websites, were getting this same message, from this same voice, telling
them they were the website’s 1,000,000th visitor, and to “click here” to claim their price.
Congratulations! You Won! But as we all know, there was never a prize on the other size. Just an
open invitation to downloading tons of malware to your computer. It seems like such a painstakingly
obvious scam when looking at it at face value, yet so many people fell for it and
continue to fall for it even today. How? This is one of the few pieces of malware that
you could safely say is universally recognized. Everyone has come across it or seen it at least
once in some way, shape or form. But what are the pop-up’s origins, who created it, and why?
One of the big reasons that pop-up malware spreads so rapidly is because people just
don’t think to protect themselves when they’re online. Well thankfully,
Private Internet Access is
there to help you increase your digital privacy.
Private Internet Access is the most transparent
VPN provider you can find on the internet. Not
only is their software completely open source,
they never record or log any user data, ensuring
that you get the online privacy that you deserve
and protecting you from ISP throttling or
government censorship. It also works with most
streaming services, so you
can watch shows or movies from outside your country, and it is one of
the few VPN services that fully supports P2P file sharing and torrenting. Private Internet Access
also provides incredible security by changing your IP address and rerouting your internet traffic
through an encrypted tunnel, giving you more anonymity and protecting you from possible
hackers if you’re on an unreliable network. They are also the most customizable VPN on the
market, allowing you to truly make the VPN experience your very own. I have been using
Private Internet Access for years now, and I can confidently say that they have been fantastic on
protecting my presence online. Private Internet Access has truly kept their word and garnered
over 30 million downloads and over a decade of VPN expertise. And now, you can experience it
yourself at a discounted price! By visiting privateinternetaccess.com/nationsquid you can get
83% off your subscription, that’s $2 a month, and 4 extra months completely free! So get started
on a better, much safer internet experience with Private Internet Access.
Now discovering the origins of the “Millionth Visitor” pop-up ads is going to
be quite difficult, but not for the reason that you think. The question isn’t really “where did it
come from?” It’s “where did it TRULY come from?” Now there is a repeating pattern between malware
like this and ones like You Are an Idiot and goggle(dot)com. They all share one in common: both
their creators and their very first appearances are unknown. But there is something
very special about Millionth Visitor, something that makes it stand out among the
others. Millionth Visitor continues to carry on, creating multiple variants of itself that actually
adapt with the internet’s ever-growing technology, whereas the others are more or less frozen
in time. It’s quite scary. The malware was able to spread so rapidly, garner so many new
malware developers to come in and create their own versions of it, finding the center force,
the patient zero of the Millionth Visitor pop-up is now like trying to find a needle
in a haystack. We see them everywhere, but don’t truly know where they are coming
from, hidden in plain sight. But of course, everything starts somewhere, some point in time.
The Millionth Visitor pop-ups, in their earliest form, date as far back as the mid 1990s, during
a time where online technology was primitive, and people’s understanding of the World Wide
Web was very little to nonexistent. The story behind the creation process of the virus
actually has a bit of an ironic twist to it. It all begins with Ethan Zuckerman, an employee
for a webpage hosting site called Tripod.com. During this time, the company was in financial
dire. They needed to come up with a way to create a stable source of income without needing to
completely overhaul their business strategy. Well, it wouldn’t take long for a solution to
inadvertently present itself. The hosting service would end up getting reports from advertisers
who complained that their ads were being hosted on pages containing adult content without their
consent. To prevent this from ever happening again, Ethan came up with the ingenuous idea of
displaying the ad as its own separate window, that way there was no affiliation with the website the
user was visiting. But this had a huge advantage Tripod hadn’t noticed before. Now that these ads
were no longer attached to the webpage, they could now host as many as they wanted to, without taking
up webpage space, which meant more revenue. Ethan had just invented the pop-up ad, having no idea
what kind of harm it could be used for until it was too late. No one recognized the ingenuity
of this new idea more than malware developers, who would soon become the vast majority of
people who actually used the technology. Ethan would regret creating such a thing and has
since become an internet activist, who would like to put an end to his creation once and for all.
Ethan really shouldn’t feel all that bad however, especially when taking in account the direction
that the internet in the 90s was heading in. If Ethan hadn’t created the pop-up ad, someone
else would have, and that’s because of another invention that had just surfaced: Javascript. In
many respects, javascript reinvented the wheel for online computing. Along with HTML and CSS,
it was a language that allowed the developer to do virtually anything they want, with their
only limits being outside the computer screen. This neat invention coincided with the invention
of Adobe Flash in November 1996. So not only could a program you created behave in the way
you wanted, but you could also use visuals and sounds to give it its own personality. Naturally,
the Millionth Visitor malware would be conceived through the pop up-ad using and its brilliant
engineering. But how could people fall for such a thing? I mean, scams have been around forever,
since even before the internet. Surely people knew better and understood that a grand prize was not
on the other side? Well, not exactly (and don’t call me Shirley). It wasn’t that people were
more gullible back then, but rather were more uncertain what kind of form the internet was
going to take. The internet was growing rapidly, snowballing, in so many shapes and forms, to
the point where the line between the legit and the dishonest was sometimes blurred. This
was an era where having a talking purple gorilla on your computer screen was fashionable. The world
just didn’t know any better. Not to mention that a very easy target would be impressionable children,
who may not understand the concept of a scam, and fall into the trap. I actually almost fell for
one of these pop-ups myself when I was a child, but thankfully an adult intervened. But that’s
all that a pop-up like the Millionth Visitor, really needed. It preyed on the
gullible as well as the ignorant, and in this way, was somewhat ahead of its
time. And it could be further argued that the pop-up ad’s aura of mystique and uncertainty
helped it in the long-term. People did not know or maybe even cared where the ads were coming
from and therefore could not really make the best judgment in the moment the ad presented itself.
Was this soundbite even created for these pop-ups, or was it taken from something else entirely?
To this very day, we still don’t know whose voice that is. For all we know, the person in
question could be watching this video right now, neither do we know how long ago the recording was
made. Who created the ad’s artwork? Who developed the code for the pop-up ad itself? There are more
questions than there are answers, which is why people did not know what to do, and why immediate
action was not taken to stopping the ads.
But what did these ads actually do what was so
damaging? Well, it isn’t exactly difficult to figure out. The user on the other end would
interact with the ad thinking that they won a prize, only for tons of malware and viruses to
be surreptitiously downloaded to their computer, but it goes much deeper than that. You see,
despite the pop-up’s visuals and sound being the same, there were multiple variants of the malware
that all did different things. One version, and from some reports, likely the very first version,
would redirect the user that clicked on the ad to a scam website, such as Freelotto.com.
Now there’s something very interesting about this detail, and it may actually give us
a possible lead to where the pop-ups came from. Freelotto was exactly how it sounds. It promoted
itself as a free online lottery anyone could enter with the chance of winning money or a prize.
The company dates as far as back the late 1990s, and while it advertised itself in this light, it
was legally considered a sweepstakes. The website no longer exists, so a lot of the information
on the site’s history is either nonexistent or just conflicting. There are a handful of people
online who claim that the site was not a scam, and that they had friends who won from it. Reports
from the Better Business Bureau claim that people entered the sweepstakes, won their prize, but then
were just ghosted; they never received anything. But what’s even stranger is that, even outside
of these pop-ups, numerous users claimed to have gotten emails and text messages, from FreeLotto,
containing a very similarly formatted message, telling them that they won a prize. With a lot of
these messages containing misspellings, you would think the website is an obvious scam, maybe a
very elaborate one. But it gets even weirder. I looked at the freelotto.com website through
the Wayback Machine and one webpage may have just cracked everything wide open. Although it
is weird that a 2015 snapshot of the website shows “recent winners” that were also “recent
winners” in 2006, these winners are…real. In fact, there are articles about these winners,
showing photos of them with their prize.
So, what does this all mean? This strange
information clearly leads to more than one answer, and since we can only work with past
documentation, nothing can be confirmed. But I believe there are three possibilities for
FreeLotto.com’s relationship with the Millionth Visitor pop-ups. The first possibility is
that the website was a scam but operated in a way where it could still have legitimate
winners. A good example would be a ponzi scheme. Some of the victims of ponzi schemes actually
end up making lots of money, it’s just that most of the people end up getting screwed over; that
doesn’t make the Ponzi Scheme any less fraudulent. The second possibility is the pop-up ads
were using FreeLotto’s brand and likeness without their permission. Nothing is stopping a
malware developer, who has no regard for the law, from creating a phishing website of
FreeLotto to collect user information or even their money. Or maybe…just
maybe, some of these pop-ups were…legit? Maybe there actually WAS a one millionth visitor
at some point in time. What if that was YOU? Remember that one time you got this pop-up
10 years ago and you just dismissed it? What if it was real, and you just lost 1 million
dollars that you can never get back, because you did not trust, COULD not trust your judgment?
Can you really blame yourself though? So many things online seem suspicious when they’re
legit and legit when they’re suspicious. Even with this possibility, it did not stop different scam
versions from continuing to spread. Now there were versions that asked you “survey” questions, likely
to collect your information for advertisers, obtain your full name and credit card information,
or even just to flat out waste your time. For some of them, even after you answered all the
survey questions, you were required to download certain “programs” to qualify for the prize. And
of course, some of these versions may just skip those steps entirely and just get to downloading
the programs right away, acting quite similarly to a drive-by download since the user did not
exactly consent. With JavaScript and Adobe Flash becoming more prevalent and eventually peaking
throughout the 2000s and the fact that many people still weren’t sure where the internet was
going, the Millionth Visitor pop-ups had so much in their favor to grow rapidly. More people meant
more people to fool, and the pop-ups themselves would become a part of online pop-culture. People
were now making remixes of the song on YouTube, comedy skits, and by 2012, Millionth Visitor
would become the most popular online scam. But then something would happen that you are
most likely already familiar with. The slow, gradual obsolescence of Adobe Flash. Most websites
moved on from supporting flash, and it would lose support completely in 2020, the technology
itself becoming extinct. Naturally these ads would take a big hit from this gradual shift and
become less prevalent throughout the 2010s.
Was it the end of the Millionth Visitor pop-ups?
Well, not exactly, and that’s a bit concerning. Unlike other malware thats seemed to
die with the technology of the past, malware developers everywhere have preserved
Millionth Visitor, making versions that change with the times, moving from Adobe Flash to
HTML5 or some other more recent technology. So now, a whole new generation can fall trap into
becoming the one millionth visitor. With no end currently in sight, the best option left is to
do our job in being a civilized online community, to minimize the damage of such a program, to
provide the necessary tools to remedy such an online attack if one falls prey to it. And
the best way to do that is to spread the word.
But what if we actually put these pop-ups to the
test? Well, let’s find out. Now it is important to keep in mind that unlike the other viruses
we’ve showcased in the past, this is one that is much more subtle. You’re not gonna see a whole
lot of craziness on the screen in this video. These pop-ups are very simple, but arguably twice
as damaging. Just like lots of other malware, these are a wolf in sheep’s
clothing. So as always, don’t be fooled by what you’re about to see. Don’t
try this at home. With that said, let’s begin. I’m going to be doing a more contemporary example.
As we discussed there are several variants of this malware, some look different from others or even
function different from others. But they more or less all have the same message. You just won a
grand prize. Thankfully I caught one in the wild that I can now showcase for all you. One Million
Dollars. Incredible. Let’s give it a click. When I say that this is simple, I mean that it’s
simple. This is pretty much it. You type in your credit card number and personal information, and
then it gets sent off to somebody, who can do whatever they want with it. Any sensical person
would stop here, click off, and do an antivirus scan. But we’re talking about sensical people,
so I’m gonna go ahead and type in my information. Alright here we go, let’s go ahead and submit. And then it just hangs. Forever. Now the person
or people on the other end, have my information, and now they can go on an online shopping spree
with my info. In fact, I’m just gonna show you how ridiculous this all is and open up my bank account
balance. As you can see there is nothing there, and I’m gonna go ahead and refresh it so that
you can show you agai—UMM. Mom?!. MOM?!?!
Thanks again to Private Internet Access for
sponsoring this video! Click the link in the
description to get 4 extra months
of free internet security!
Thank you so much for watching. If you
enjoyed this video, please subscribe, and hit the notification bell, so
that you never miss a future video.
