Brian McWilliams

Unleashing the dogs of cyber-war on Iraq!

Saddam Hussein could lose Internet access at the flip of a switch, and there's not much his geeks can do about it.



Like an artist concealing his signature in the background of a painting, Loay Edmon Al-Botany tucks his name in the source code of Web pages at BabilOnline, the site he manages for Saddam Hussein’s son Uday.

Al-Botany, a lifelong resident of Baghdad, says his work for the government-controlled Iraqi newspaper site doesn’t pay very well — the equivalent of 100 U.S. dollars per month. But he considers himself lucky to have one of the few Internet jobs in the country, and a high-profile position at that.

Any day now, however, it could all come crashing down from a U.S.-led invasion of Iraq, says Al-Botany.

“If USA attack Iraq, the first thing [they will do] is a cyber-war,” he says.

Al-Botany, 30, remembers well the U.S. bombing of Baghdad in 1991, which targeted telecommunications and power systems. This time around, many observers predict that the U.S. will also deploy viruses, government-trained hackers, and special electromagnetic pulse bombs to knock out Iraq’s computers and other sensitive electronic equipment.

But if the U.S. wants to cut off Iraq’s access to the Internet, it need only give a nod to operators of a satellite farm in the woods west of Atlanta, or to a similar facility in the English countryside.

An analysis of network records and routing patterns shows that Iraq’s only Internet service provider, the State Company for Internet Services (SCIS), appears to send and receive nearly all of its traffic over satellite hookups provided by Atlanta International Teleport of Douglasville, Ga., and by SMS Internet of Rugby, Warwickshire.

Whenever Al-Botany or other Iraqis send an e-mail or browse the Web, their bits leave Iraq via SCIS’s satellite modems, bounce off orbiting satellites, and touch down again in satellite dishes run by AIT and SMS, which connect them to the Internet backbone in Georgia and England, respectively.

This provision of Internet access may not be legal. A 1990 executive order prohibits U.S. firms from exporting “goods, technology or services” to Iraq. And a U.N. trade embargo has similarly sanctioned member nations from dealing with Iraq.

But if predictions about the U.S. launching “offensive computer operations” against Baghdad are correct, George W. Bush and Tony Blair clearly have Saddam right where they want him.

On instructions from the U.S. or U.K. governments, AIT and SMS could effectively disable e-mail and Web access for Iraq’s government and citizens.

Surprisingly, Iraqi computer specialists appear oblivious to their network’s vulnerability to attack. And even though they vow they will get their networks back up and running if they are attacked, they are also in no position to fight back.

Al-Botany, a graduate of Al-Mansour University College, one of Iraq’s top private technical schools, was surprised to learn that the headers of his e-mails to a reporter showed that the messages actually originated from AIT’s network. According to a reverse DNS look-up, the Internet protocol (IP) address from which the e-mails originated, 65.217.28.52, corresponds to the domain name “host52.atlantateleport.com.”
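The trace described above, reading the originating host out of an e-mail's Received headers and reverse-resolving it, as an added example in Python (not code from the article). The message is constructed, using documentation-range addresses (RFC 5737) rather than the address quoted in the text; the hop names are placeholders.

```python
"""Trace the originating hop of an e-mail from its Received headers.

Added example for this article; not code from the page. The sample
message below is constructed, with documentation-range addresses.
"""
import re
import socket
from email import message_from_string

# Constructed sample. Mail servers prepend Received headers, so the
# last Received line is the hop closest to the sender.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP; Tue, 11 Feb 2003 10:02:15 -0500
Received: from relay.example.com ([203.0.113.9])
\tby mx.example.net with SMTP; Tue, 11 Feb 2003 10:02:11 -0500
Received: from [192.0.2.52] (helo=sender-pc)
\tby relay.example.com with ESMTPA; Tue, 11 Feb 2003 10:01:58 -0500
From: sender@example.com
To: reporter@example.org
Subject: test

body
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_chain(raw: str) -> list:
    """IPv4 address of the connecting host in each Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        ips = IPV4.findall(header)
        if ips:
            # The first address in a Received header names the host that connected.
            hops.append(ips[0])
    return hops


def origin_ip(raw: str):
    """Address of the earliest hop, i.e. where the message entered the mail system."""
    chain = received_chain(raw)
    return chain[0] if chain else None


def reverse_dns(ip: str) -> str:
    """PTR lookup; returns a marker instead of raising so the trace completes offline."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return "(no PTR)"


if __name__ == "__main__":
    for hop in received_chain(SAMPLE_MESSAGE):
        print(f"{hop:16} {reverse_dns(hop)}")
    print("origin:", origin_ip(SAMPLE_MESSAGE))
```

Only the hop added by a server you trust is reliable; a sender can forge earlier Received lines, so the origin is the first address in the chain that was recorded by your own or a known relay.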

Similarly, Al-Botany was unaware that BabilOnline.net and another site he manages, Iraq2000.com, as well as the Iraq government’s main Web site, Uruklink.net, are all connected to the Internet through England-based SMS Networks.

AIT representatives did not respond to repeated requests by Salon for information about their services to Iraq.

Maggie Corke, a representative of SMS, says the company does not have any Iraqi customers nor does it market its services in Iraq. Corke did acknowledge that SMS provides satellite services to Transtrum, a unit of the Lebanon-based ISP TerraNet.

TerraNet’s Alaa Sami Kadhem is listed as the registrant and administrative contact in the domain record for BabilOnline.net. Sami is also listed as the registrant of Iraq’s Warkaa.net and Baghdadlink.net sites.

Sami and TerraNet representatives did not respond to interview requests.

Iraq’s use of AIT and SMS was likely brokered by a consortium called the Arab Organisation of Satellite Communications (ARABSAT), according to Lucy Norton, an analyst with London-based World Markets Research Center.

ARABSAT, which is headquartered in Saudi Arabia, arranges deals with European and U.S. communications providers on behalf of Arab League nations. Following an eight-year suspension, ARABSAT reestablished links with Iraq’s Ministry of Transport and Communications in 1999, Norton said.

However, U.S. companies providing data communications services to Iraq, even indirectly, are in violation of U.S. law and could be subject to fines and penalties, according to Rob Nichols, a spokesman for the U.S. Treasury Department’s Office of Foreign Assets Control.

Iraq’s vulnerability to cyber-attack doesn’t end with its fragile network connections. A myriad of bugs and misconfigurations in its software make the embattled country’s Internet-connected systems ripe for hack attacks.

Iraq’s DNS servers, key machines that route traffic to various computers in a network, are misconfigured to allow “zone transfers,” a reconnaissance technique used by hackers to target vulnerable machines.
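The zone-transfer misconfiguration the article describes, shown as a BIND 9 named.conf fragment with the weak setting beside the corrected one. This is an added example, not configuration from the article or from the servers it discusses; the zone name, file path, secondary address and key are placeholders.

```conf
// Added example for this article; not taken from any server it describes.
// Zone name, file path, secondary address and key material are placeholders.

// Weak: any client on the Internet may request an AXFR and receive the
// whole zone, which is the "zone transfer" exposure the article refers to.
zone "example.net" {
    type primary;          // "type master" on BIND releases before 9.16
    file "/etc/bind/db.example.net";
    allow-transfer { any; };
};

// Hardened: transfers only to the authorized secondary, authenticated with TSIG.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // generate with tsig-keygen
};

zone "example.net" {
    type primary;
    file "/etc/bind/db.example.net";
    allow-transfer { key xfer-key; };      // or an address list: { 203.0.113.5; };
    also-notify { 203.0.113.5; };
};
```

To confirm the fix on your own server, request a transfer of your own zone from an unauthorized host with `dig @ns1.example.net example.net AXFR`; a correctly restricted server answers "Transfer failed." rather than listing the records. The same restriction applies to the secondaries, which are often forgotten and left at the default.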

A closer examination of one of the DNS servers, nic1.baghdadlink.net, reveals that it may be running a collection of outdated software with numerous high-risk security vulnerabilities. The apparent bugs in the system, located at IP address 62.145.94.1, include some that potentially give a remote attacker the ability to take control of the server.

At least one of Iraq’s Web servers has already been infected with a computer virus. The system, located at the address 62.145.94.17, last week was attempting to spread the Nimda computer worm to the computers of unprotected Windows users. The server currently is unreachable.

Considering the variety of security flaws in Iraq’s computer networks, it’s a miracle they haven’t been turned inside out by vigilante hackers, according to computer security experts.

“I’d expect to see some defacement activity, at the very least. It’s almost as though they’re extending an invitation to be hacked,” says Robert G. Ferrell, a government security researcher. Ferrell said would-be attackers may suspect, as he does, that the Iraqi systems are being closely monitored by U.S. authorities.

Al-Botany and other Iraqi “geeks” blame much of their country’s Internet backwardness on trade sanctions, which make it difficult to obtain current versions of software or up-to-date training.

Indeed, visiting Iraq’s Web sites is like stepping back into the Internet of the late 1990s. A marquee scrolls across the garishly colored home page at Iraq2000.com, which hosts information about Iraq’s Olympic teams as well as access to numerous Iraqi newspapers. Patriotic music blares on demand.

“Internet languages like Java and HTML, we didn’t learn those because Iraq did not have the Internet until recently,” says “Sameer,” an Iraqi computer scientist who asked that his real name not be published.

After emigrating to the U.S. in 2000, Sameer discovered that his technical skills were anachronistic in the U.S. job market. Though successful in the competitive Iraqi college, he has been unable to find work as a programmer. Recently laid off from his job in computer support, Sameer now lives with and depends for support on his brother.

The dearth of broadband Internet connections, or even affordable home dial-up access, creates further difficulties for Iraq’s computer elite.

Ahmed Al-Shalchi, a computer engineer and 1992 graduate of the government-run University of Technology in Baghdad, says his only way onto the Internet is from a dial-up modem connection at his workplace, where he repairs PCs. Sometimes Al-Shalchi logs on from public Internet centers. But a home connection is out of his financial reach, he says.

Given the relatively poor skills and resources of some of Iraq’s best and brightest computer geeks, how capable is the country of conducting cyber-warfare?

“There is nothing to suggest that the Iraqi government has the capability for using cyber-warfare,” says Ahmed Shames, an Iraqi who emigrated in 1996 and now resides in London. Shames, chairman of the Iraqi Prospect Organization, a group of young Iraqi expatriates calling for the overthrow of Saddam, says it is unlikely that Iraq’s ruler has marshaled a cyber-war contingent.

Similarly, Sameer says he has not heard of any Iraqi computer experts being drafted into such service. Instead, he said it was more probable that Saddam would attempt to recruit offensive computer mercenaries from abroad.

Even the author of a recent novel about U.S.-Iraq cyber-war concedes it is doubtful that Saddam has sufficient home-grown talent to harm the U.S. with computer attacks. Bill Neugent, chief engineer for cyber-security at Mitre Corporation and author of “No Outward Sign” (Writers Club Press, 2002), says Iraq could, however, enlist help from sympathetic Muslims in the West. In his book, Iraqi-Americans living in Washington attack U.S. government systems to frame Iraq and goad the U.S. to retaliate.

Instead of cultivating its cyber-war readiness, Iraq’s government appears to be focusing its technical prowess on spying on and restricting its citizens’ use of the Internet. Shames says Iraqis must assume that every message they send or receive is being monitored by Big Brother.

Sometimes, as in the case of Sameer’s sibling back in Baghdad — a teacher and one of the lucky Iraqis to have Internet access at home — e-mail service mysteriously stops for weeks.

“I don’t know why. Maybe it is just a technical problem. Or maybe someone is blocking the account,” says Sameer.

To evade the state’s widely publicized snooping, some savvy Iraqis have set up webmail accounts at providers such as Yahoo, as if calculating that the probable surveillance by U.S. intelligence authorities is less dire.

But there are few means around the government’s blockades of “objectionable” Web content, which, besides porn, includes domain registration sites, according to Heider Sati, an Al-Mansour graduate now running his own London-based IT consulting firm. The restriction, perhaps designed to muzzle protest speech, means Iraqis are unable to register and create their own Web sites. (Sati says he registered and hosts alMansourCollege.net, on behalf of his alma mater, for free.)

Despite these limitations, some of Iraq’s geeks say they would suffer if the country lost its Internet connection, whether due to conventional bombs or cyber-attacks.

“[It's] just like having drugs,” said Al-Shalchi of his dependence on e-mail and Web access.

But for average Iraqis, the Internet is likely still an unreliable luxury, not a necessity. Richard M. Smith, a U.S. computer expert, notes that a counter on the home page of Uruklink.net shows that the vast majority of the site’s visitors are from the U.S.

Like many Iraqi citizens and expatriates with relatives still in the country, Sati is guarded about his views on the outcome of the potential war and refuses to comment on his views of Saddam. But he did say that if a U.S. strike takes out Iraq’s network, he and others will quickly work to restore alternative service to citizens.

“There are many people like me who would do anything to help the Iraqis, as we all feel that this is our responsibility toward Iraq,” says Sati.

Sati’s circumspection lapses a bit, however, as he describes dreams of a day when he can return to Iraq and help lay new fiber networks, beef up the country’s hardware, and otherwise retool its Internet networks.

Even Al-Botany seems to be anticipating big changes ahead. His Web job with SCIS, he says, doesn’t pay enough for him to own a car or a house for himself, his wife, and his toddler son. With his contract with the Iraqi government due to run out in six months, Al-Botany asks whether a reporter could help him find a job in the United States.

Dot-com noir

When Internet marketing goes sour: A sordid tale of spyware, "junk traffic," bodybuilding and a half-baked plan for Hollywood glory.



The men who ran Website Results, an Internet marketing company, had a unique test for gauging the moral fiber of their employees. According to former colleagues, Ronald J. Penna, Michael K. Osborn and Kevin Smith used to pose this question: Imagine there’s a peasant somewhere halfway across the world. If you could push a button and kill the person without getting caught, would you do it for a million dollars?

“For them, it was yes, in a heartbeat. They just wanted to know whether we felt the same way. Who even thinks that way?” said Steve Simkovitch, a salesman who worked for Website Results for most of 1999.

Website Results specialized in the quintessentially dot-com boom service of “search engine optimization” — the business of making sure a client’s Web site ranks high on the listings returned by search engines such as Google or AltaVista. For a time, the company performed so effectively that in August 2000, Penna and his partners sold Website Results to the online ad giant 24/7 Real Media for $95 million in stock.

But less than a year later, in May 2001, the three men were fired from their positions in top management. 24/7 Real Media officials won’t disclose why Penna, Osborn and Smith were sacked. But according to sources close to the company, the trio had built Website Results largely on fast talk and intimidation — a foundation that crumbled once the e-business boom went bust. None of the men, who are said to be in their early 30s, has responded to repeated interview requests.

But their story didn’t end with their firing by Real Media. Shortly afterwards, the three men founded a new company, called Intellitech. In May, Salon reported the strange tale of Intellitech and its “popup ad campaign from hell.” The story detailed how a particularly malevolent form of “spyware” came to be secretly installed on the computers of tens of thousands of Internet users.

The closer one looks, the more bizarre the story of Website Results and Intellitech becomes. Like all previous upheavals in commerce, the digital revolution has produced its share of opportunists and hucksters. But the saga of Website Results’ founders provides a rare insight into the dark side of the Internet boom. Three college buddies moved out to California in the late 1990s with dreams of becoming millionaires — and maybe even movie stars — off the Internet gold rush. Their tools of the trade: software programs that performed sleight-of-hand tricks on search engines, and a host of management tactics seemingly ripped from the pages of a Navy SEALs handbook. Call it dot-com noir — their tale cries out for a 21st century Raymond Chandler.

According to former employees, the story starts in the Hughes Regency, an apartment complex in the less-than-tony Los Angeles suburb of Culver City where Penna, Osborn and Smith first set up shop. They eventually persuaded half of Website Results’ 25 or so employees to rent units in the buildings, according to David Earnest, a salesman for Website Results from February 1999 until December 2000.

Penna and Osborn, avid bodybuilders, outfitted one of the two-bedroom apartments with thousands of dollars worth of professional weightlifting equipment, said Earnest.

“They worked out twice a day and ate nothing but protein. They’re both built like Mack trucks,” he said.

Penna, in particular, used his physique to intimidate employees on a regular basis, according to Owen Hindman, a programmer who resigned in April over what he called the trio’s “shady” morals.

“During meetings, he loved to punch the wall right above somebody’s head and tell them they were crap,” said Hindman.

The three men ran the company like a cult, according to former employees, with most staffers routinely working 16-hour days without bonuses or overtime. Employees were afraid to openly question management, to blow the whistle or to quit.

At the time, Website Results was one of several companies engaged in the nascent business of “search engine optimization” (SEO).

The pitch to Web merchants and other traffic-hungry sites was that Website Results had a secret sauce for getting companies ranked highly by search engines such as AltaVista, Lycos, Webcrawler and the like. Using sleight-of-hand techniques such as “doorway pages” and “cloaking,” Website Results was able to trick the search sites into listing clients at the top of search results.

Christina Wells, who became Website Results’ first salesperson after answering a newspaper ad in 1999, said Website Results signed up blue-chip clients including Orvis, eBay, WebMD and ESPN.

“The SEO market was huge at the time, and when we went into light speed, my commissions should have been running upwards of $20K per month,” said Wells. Instead, she said, the company reneged on the commission system and put salespeople on a flat monthly salary.

Web merchants, in a mad scramble for market share, had little time to look closely under the hood of Website Results’ business. If they had, they might have detected a number of questionable practices.

“Our product was extremely virtual, so it was difficult for customers to verify what we were doing,” said Steve Lazuka, who joined the company as its fourth employee in 1998 and served as vice president of operations for Website Results until leaving in February of 2002.

According to Lazuka, Website Results habitually submitted fraudulent invoices to its largest customers, inflating the amount of traffic it had delivered to their sites, in hopes that they would pay without looking too closely.

“They selectively picked out clients like eBay that had big budgets and paid their bills without tracking whether we really sent them the traffic,” he said.

Garen Razoian, a software developer who was with the company for nine months in 1999, said he attended meetings at which company executives talked of sending such phony invoices.

“That’s the kind of thing they were always considering, as if fraud was a normal way to do business,” said Razoian.

To further pad its billable numbers, the company developed a software program, referred to as “The Zebra Project,” that was designed to make it look as if lots of Web surfers had been clicking at search sites on hyperlinks that led to Website Results’ customers’ sites. Since many clients paid Website Results for delivering traffic on a “cost per click” basis, the automatic program helped to boost its revenue.

“It couldn’t be detected. It went around clicking our clients’ links with false traffic. They were stealing from and cheating our clients,” said Lazuka.

Website Results also began buying “junk” traffic, such as the rights to replace the standard error pages at busy Web sites with its own. The rented “404 error” pages would redirect wayward surfers to designated customer sites, according to Earnest.

“It was totally untargeted and worthless traffic, but most customers had no idea,” said Earnest.

Some clients, however, began to complain about the quality of the traffic delivered by Website Results.

Aron Benon, chief executive of Beverly Hills-based Florist.com, said he was cold-called by the marketing company around July of 2000 and agreed to hire it to drive traffic to his online flower shop.

“After they started sending me these big, fat bills for thousands of dollars, I went down to their offices and asked them to demonstrate what they were doing to bring people to our site. But they couldn’t show me one search engine hit. It was all smoke and mirrors,” said Benon.

Website Results officials later explained to Benon that they actually had purchased placement for his site at what they called an “up-and-coming search engine” named BestoftheWeb.com, run by Volton Technologies.

But when Benon checked the domain registration records for the site, he noticed that Volton’s 3665 Hughes Avenue address was the same as that of Website Results’ humble offices. Volton Technologies, it turns out, had been founded by Penna, Osborn and Smith one month before the sale of Website Results to 24/7 Real Media.

“That’s when I decided they were totally bogus,” said Benon, who reported that Website Results quickly consented to refund his payments.

Website Results’ monthly cash flow — roughly $1 million, according to Earnest’s estimates — caught the eye of 24/7 Real Media. Over the summer of 2000, executives from the New York-based online advertising firm negotiated to purchase Website Results as an independent operating unit run by Penna, Osborn and Smith.

At a celebration dinner at a local restaurant, said Earnest, Penna announced the 24/7 Real Media acquisition to employees, and said management would meet with each individually to discuss their piece of the take.

But after weeks went by and the one-on-ones never happened, disgruntled employees began to defect, according to Earnest.

Meanwhile, Penna and Osborn began outfitting one of the Hughes apartments with thousands of dollars of cameras, lighting and other professional moviemaking equipment, says Peter Wojciechowski, a technical expert who was with Website Results for nearly 18 months until October 2001.

The goal was to produce a Schwarzenegger-style action picture — written by and starring Penna, and using employees on company time as cameramen, sound engineers and other production staff.

The film, tentatively titled “The Punisher,” was never completed.

In May 2001, 24/7 Real Media fired Penna, Osborn and Smith — whom it had kept on to manage the new unit — and took back most of the stock it granted them.

As the three men were being summoned to New York and called on the carpet, 24/7 Real Media sent a pair of 18-wheelers to the Hughes Regency apartments to pack up Website Results’ offices and move them to a corporate park in Santa Monica. A couple of dozen armed security guards stood watch, according to Hindman.

Mark Moran, 24/7 Real Media’s general counsel, said the company is “very happy” with the Website Results acquisition. But he wouldn’t comment on why 24/7 Real Media terminated the founders, whom it had previously credited with building Website Results into “the leading Internet marketing infrastructure company.”

“The biggest thing 24/7 was mad about was the misuse of payroll funds for the movie project. Ron even had his mom on the 24/7 payroll full-time as a makeup artist,” said Lazuka.

Website Results hit a rough stretch of road soon after the 24/7 Real Media deal closed, as many search engines began to deploy tactics to prevent SEO firms from gaming their ranking systems, according to Earnest.

The marketing company was delivering fewer hits for customers; as a result, revenues at the 24/7 Real Media unit, which was meant to act as a cash cow, began to dry up.

To address the changing search-engine environment, 24/7 elected to plow some funds into new technology for Website Results. In a December 2000 conference call with investors, 24/7’s then president, Tom Detmer, reported that the early results of that upgrade were “promising.”

But current 24/7 Website Results technical staffers say a good chunk of their time in late 2000 was not spent revamping the company’s core SEO technology.

Instead, programmers were directed to develop a customizable browser toolbar that could steer traffic to BestoftheWeb.com and collect data on the surfing habits of users — data that could be sold to Internet marketing strategists.

The technology also enabled Website Results to take credit whenever a toolbar user made a purchase at any of the hundreds of online merchants with which the company had established “affiliate” commission accounts.

Dozens of sites, most of them quite small, signed up to distribute co-branded versions of the browser toolbar. But the project was killed in May 2001 when 24/7 Real Media fired Penna, Osborn and Smith and took hands-on control of Website Results.

“The toolbar was never our technology. We never viewed it as being a company project,” said 24/7 general counsel Moran.

But for Penna and associates, who retained the source code, the toolbar apparently provided a technological life raft after they were cut free from 24/7.

Under the auspices of their newly founded company, Intellitech Web Solutions, the three devised a plan to strip the visible front end off the toolbar, leaving only its snooping back end in place.

According to former Intellitech employees, the company also polished up some code designed to automatically and silently install the mutated toolbar when an Internet user viewed a specially designed Web page.

“At that point, it started to become a virus,” said a former staffer who worked on the project.

Last March, Intellitech began to seed the Internet with copies of the backdoor program, using specially designed pop-up ads it purchased at sites, including the family entertainment portal Flowgo.com.

In violation of Flowgo’s policy, the pop-ups automatically sent visitors to another site, where, according to virus researchers, special code exploited a vulnerability in Microsoft’s Internet Explorer browser and forced the spyware onto users’ computers.

According to Hindman, who said he wrote some of the software Intellitech used for its pop-up system, the company also “threw tens of thousands” of such booby-trapped ads every day at visitors to sites where Intellitech had affiliate programs. The ads also popped up on Web surfers who clicked on any of the links Intellitech had established for SEO customers at search engines such as Google.

Hindman finally decided he had seen enough. On April 5, a payday, he picked up his last check and, instead of heading in to work, began making arrangements to move his wife and children out of the Hughes Regency and back to Oklahoma.

“The whole time I worked there, I kept waiting for the FBI to kick in the door,” said Hindman.

Instead, it was Michael Osborn who showed up at Hindman’s apartment that afternoon and banged on the door, wondering why the programmer hadn’t shown up at work.

“I told him I didn’t want to be a part of what they were doing anymore, at which point he started screaming at me. When I shut the door and locked it, he just went crazy. He punched a hole in the door, and when he finally left, there was blood from his fist all over it,” said Hindman.

Later, as fellow employees came by the apartment to say good-bye, they told Hindman it was a good thing that Osborn, and not Penna, had been first to hear the news.

“They said, if it had been Ron, he would have come right through the door,” said Hindman.


The pop-up ad campaign from hell

It's the latest in Web marketing innovation: Hijacked Web surfers, exploited Web browser vulnerabilities and malicious spyware all wrapped up together.



Looking for state-of-the-art Internet skulduggery? Try this: Thousands of unsuspecting visitors to a family entertainment site are discovering a cornucopia of unwanted, potentially malicious software on their computers — the result of a pop-up ad campaign, a booby-trapped Web site, a compromised Web browser, and strange doings at a shadowy Los Angeles company.

The story starts at Flowgo, a site that prides itself as the leading family entertainment portal. According to officials at eUniverse, the California firm that operates Flowgo, a pop-up ad that ran at the heavily trafficked humor site for a couple of weeks until late April caused the trouble.

The ad, purchased by a Los Angeles Internet marketing firm named IntelliTech Web Solutions, was designed to automatically redirect visitors away from Flowgo (no mouse click required) and to dump them at a booby-trapped site called KoolKatalog.

Once at KoolKatalog, visitors were invited to feed an e-mail address into a digital slot machine created in the Shockwave animation format. Solve the puzzle faster than anyone else, and KoolKatalog would send you a swell prize!

In the nanosecond it took most people to recognize the obvious junk mail trap, the real damage was already nearly done. According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft’s Internet Explorer browser to covertly download the first of 10 files onto visitors’ computers.

KoolKatalog is currently inaccessible, but its domain name was registered by an IntelliTech employee and the phone number listed in the privacy statement at KoolKatalog is the number for IntelliTech Web Solutions. Phone messages left with the receptionist who answered at that number were not returned.

A contrite spokeswoman for eUniverse said IntelliTech’s automatic redirects violated its ad policy, and eUniverse pulled the pop-ups as soon as it learned what was happening. Flowgo has achieved its success, she said — and helped earn its publicly traded parent several quarters of profitability — by taking great care to protect the safety of its visitors.

But according to virus experts, tens of thousands of Internet users have been back-doored by the KoolKatalog-distributed “malware,” which they have added to their lists of malicious code for scanning.

“When you exploit a security bug to get your program onto someone’s PC, you’ve crossed the boundary into what we consider malicious,” said Craig Schmugar, a researcher with McAfee, which refers to the KoolKatalog-served payload as Downloader-W.

While researchers have not yet completely decoded all functions of the programs, they say two of the files, BVT.exe and ABSR.exe, attach themselves to victims’ browsers and covertly monitor which sites they visit. Other components, including a file called AUSVC.exe, appear to enable the program’s authors to secretly send updates or other files to the infected computer.

What’s more, the install program, a file called CoolStuff.ocx, checks to see whether the victim is running a firewall, and terminates if it finds one. If no security software is monitoring outbound network connections, the installer grabs other files from one of two IntelliTech Web servers, online1net.com and wwws1.com.

“Somebody took a lot of time and attention to create this. There’s a lot of error checking and careful programming in there,” said Vincent Weafer, director of Symantec’s virus research lab. Backdoor.Autoupder, as Symantec calls it, quietly made the software firm’s list of the five most-prevalent viruses in April.

While designed to be stealthy, the malicious code was revealed to many puzzled victims in recent weeks when it began causing instability in their PCs or crashed them.

Others discovered the program after updating their anti-virus signature files. Sam Evans, security analyst for a Midwestern semiconductor firm, said an anti-virus update in late April caused a sudden flood of reports from company employees. Cleaning the code off affected computers was complex and required editing the PC’s system registry.

“We thought we disinfected all the computers, but our intrusion detection system is still reporting that internal machines are attempting to send information out,” said Evans, who added that the company had “black-holed” (blocked access to) the range of Internet protocol addresses used by KoolKatalog and related sites.

Trend Microsystems, which since April 23 has received nearly 5,000 reports of infections by TROJ_SUA.A, as it calls the software, has released a free tool that automates the 49 steps required to remove IntelliTech’s code from an infected PC.
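The follow-up check Evans describes, looking for internal machines that are still trying to reach the black-holed addresses or the spyware's download hosts, as an added example in Python (not code from the article or from any of the vendors named). The proxy log lines, the internal addresses and the 203.0.113.0/24 "black-holed" range are constructed; the two host names are the IntelliTech download servers the article identifies.

```python
"""Flag internal hosts that still contact black-holed or known spyware hosts.

Added example for this article; not from the page. Log lines, internal
addresses and the black-holed range are constructed (RFC 5737 space); the
blocked host names are the download servers named in the article.
"""
import ipaddress
import re
from collections import defaultdict

BLOCKED_HOSTS = {"online1net.com", "wwws1.com"}
BLACKHOLED = [ipaddress.ip_network("203.0.113.0/24")]   # constructed placeholder range

# Constructed squid-style access log: timestamp src-ip status bytes method url
SAMPLE_LOG = """\
1051712345.123 10.1.4.22 TCP_MISS/200 1834 GET http://www.example.com/index.html
1051712350.456 10.1.4.22 TCP_MISS/200 51200 GET http://online1net.com/files/ausvc.exe
1051712399.789 10.1.7.9 TCP_MISS/200 2210 GET http://203.0.113.45/update.cgi?id=42
1051712410.001 10.1.4.22 TCP_MISS/403 0 GET http://wwws1.com/ping
1051712420.002 10.1.9.3 TCP_HIT/200 900 GET http://www.example.org/
"""

LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+\S+\s+\d+\s+\S+\s+(?P<url>\S+)")
HOST = re.compile(r"^[a-z]+://([^/:]+)")


def destination_host(url: str):
    """Host or literal IP from a URL, or None if the URL is not parseable."""
    m = HOST.match(url.lower())
    return m.group(1) if m else None


def is_blocked(host: str) -> bool:
    """True if the host is a blocked name (or subdomain) or an address in a black-holed range."""
    host = host.lower()
    if host in BLOCKED_HOSTS or any(host.endswith("." + b) for b in BLOCKED_HOSTS):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in BLACKHOLED)


def suspicious_hosts(log_text: str) -> dict:
    """Map each internal source address to the blocked destinations it tried to reach.

    Attempts count even when the proxy refused them (status 403): a machine
    that keeps asking for the download host is still infected.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host = destination_host(m["url"])
        if host and is_blocked(host):
            hits[m["src"]].append(host)
    return dict(hits)


if __name__ == "__main__":
    for src, dests in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(dests)}")
```

Run against real proxy or firewall logs, the output is the list of machines to re-image rather than clean by hand; the block-by-name check matters because a black-holed address range does nothing if the installer is later pointed at a new server under the same domain.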

IntelliTech itself has done little to clear up the mystery surrounding the surreptitious installation of its spyware.

Frank Bigott, a resident of Santa Monica, Calif., who holds the domain registration for KoolKatalog, said he had “zero knowledge” of the backdoor program prior to being contacted by Salon. Bigott referred all other questions to his attorney.

The lawyer, William W. Bloch of Beverly Hills, said Bigott resigned his position in sales and marketing at IntelliTech after learning of the incident from Salon. Bloch also gave Salon the cellphone numbers of three men whom he identified as IntelliTech management, but voice-mail messages left at those numbers were not returned.

Bloch says that Bigott determined that IntelliTech’s management had placed the spyware programs on users’ computers “to gain certain things that would result in increased revenue,” such as commissions from affiliate marketing programs.

Susan Henrichsen, deputy attorney general for the state of California, declined to comment on specifics of the IntelliTech situation. But she noted that downloading software onto someone’s computer without permission is tantamount to hacking.

“If, on top of that, you track people with spyware with the intent of selling the information, that goes way over into unfair and deceptive practices. It’s really pretty appalling,” she said.

The spyware tar pit that users encountered at KoolKatalog may have been connected to an earlier software development effort by a company called Volton Technologies, which also had ties to IntelliTech.

The agent of record for the incorporation of Beverly Hills-based Volton Technologies is Michael Osborn, one of the names provided by the lawyer Bloch as a member of IntelliTech management. Volton Technologies previously offered for download an apparently legitimate program that may have provided the technical foundation for KoolKatalog’s twisted creation.

The program, which Volton termed a “browser toolbar enhancement,” offered access to search engines and e-mail from a control panel at the bottom of Web browsers. According to the program’s license, in exchange for the free software, users agreed to allow Volton to collect “anonymous” data on Web page views and responses to ads, as well as an inventory of the software on the user’s PC.

The front door of Volton’s search site, BestoftheWeb.com, invites users to download the toolbar. But the download page offers no link to the software and merely states, “Our new and improved toolbar is coming soon.”

Similarly, a download link at Volton’s BrowserToolbar.com site was disabled for weeks — before suddenly reappearing May 3, when the site was relocated from an IntelliTech-owned hosting firm in Los Angeles, New Directions, to a new ISP in Canada.

Click the download link at Volton’s new version of BrowserToolbar.com, hosted by Alberta-based Myrias Computer Technologies, and a message says a file called Coolstuff4.cab is being installed. But the toolbar installation fails because the server containing the file, online1net.com, is unreachable.

Online1net.com, along with wwws1.com and KoolKatalog, was summarily unplugged last week by Alchemy Communications, the Internet colocation facility that services New Directions.

When contacted by Salon on April 26 about reports of malicious code at the IntelliTech sites, Alchemy’s vice president Jamie Daquino said his position was “Shut down first, ask questions later.”

“For someone to get written up as a virus, that’s pretty serious. If they’re doing what people are saying, it’s illegal. We don’t want to be associated with that,” said Daquino.

Daquino noted that New Directions, which also goes by aliases including AlphaHostCo, Online Connect Group, Zones Now, Interhostland and Quik-Net, appears to be “companies within companies.”

With its sites darkened by Alchemy, and its devious pop-up ads pulled by eUniverse, IntelliTech’s misguided experiment in viral marketing appears to have been halted.

But Roger Thompson, malicious-code expert for TruSecure, said that spyware like that found at KoolKatalog.com remains a serious threat to the thousands of users who are infected and not aware of it.

“They are definitely still at risk. Only the original authors know exactly how compromised those PCs are. No one should want any uninvited back door on any PC,” said Thompson.
