Zango has met or exceeded the key notice and consent standards detailed in the FTC consent order since at least January 1, 2006.

Since November 3, Chris Boyd (aka Paperghost) of Vitalsecurity has posted several articles showing more bad Zango practices,including Zango and the Licat worm, a nasty trojan serving Zango videos, a(nother) Zango profile on MySpace, and trojan named LowZones putting a bunch of Zango domains into Internet Explorer'sTrusted Zone on user's computers. Security company Websense posted an alert on November 6 of fraudulent supposed You Tube videos with embedded Zango Toolbar installerson MySpace profiles. Just a week ago, Vitalsecurity posted about ProfileWatcher, another methodof spreading Zango on MySpace.

Today Ben Edelman and Eric Howes have published an extensive write updemonstrating how Zango is currently out of compliance with the terms of the FTC settlement, addressing every requirement and displaying dramatic examples of how Zango is in violation of the terms.

Amongthe many examples, Edelman and Howes have posteddocumentation showing very recentinstallations of legacy programs including older Zango, 180searchAssistant and n-case files, whicharespecifically prohibited by the FTC. Note there are screenshots and several videos withfull details. Other examples include an installation with no disclosure at all, and numerous installations with poor, substandard, non-compliant disclosure. Edelman and Howes also report that the CDT will file a comment on Monday regarding Zango's continued use of unlabeledads, another clear violation of the terms of the settlement.

The write up includes a discussion of the proposed $3 million payment specified in the settlement and why that amount may be a "slap on the wrist", when, in fact, Zango's ill-gotten gainslikely farexceed that amount.

As usual Zango refuses to take responsibility for anything, again blaming it on their naughty affiliates. From the ZDNet article:

Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself. "We relied too heavily on our affiliates to enforce our customer notice and consent policies," said CEO Keith Smith. "Unfortunately, this allowed deceptive third parties to exploit our system to the detriment of consumers, our advertisers, and our publishing partners." Smith went on to say that Zango would "embrace the new standards" required by the FTC.

Er, cough.. cough.  SOS, different day. How long have the anti-spyware bloggers been writing about this now? Ben Edelman wrote about 180solutions installation methods in July 2004. Eric Howes summed up 180solutions' activities in 2005 with links to over 60 news stories and blogs.

I spoke with Ben Edelman about the FTC's settlement with Zango.  Ben states he has proof that Zango is currently not in compliance with the FTC agreement.

180 continues plenty of bad practices, including some unlabeled ads, materially misleading installations that fail to disclose key aspects of 180's effects, and installation attempts predicated on security exploits. I have the proof, and I expect to post this on my web site in the coming weeks, subject only to my busy travel schedule.

I commend the FTC's efforts here, but serious diligence will be required to assure that 180 actually complies with its many obligations under the settlement. At this instant, I am confident that 180 is not in compliance.

Are we surprised?  Paperghost of Vitalsecurity blogged on Saturday, after the FTC announcement, that Zango download prompts are appearing along side the Licat IM worm.  Another rogue affiliate, I suppose. 

Today Websense released an alert titled Fraudulent You Tube video on MySpace installing Zango Cash.

Websense® Security Labs^TM has discovered a number of user pages on the MySpace domain which have videos that look like they are from You Tube. The videos have an installer embedded within them for the Zango Cash Toolbar.  When users click on the video, they are directed to a copy of the video, which is hosted on a site called "Yootube.info."

This is a nasty trick! There are a few Halloween sites being used to distribute malware, right at the time when unsuspecting web users might be searching for Halloween sites for fun. Patrick Jordan, aka, Webhelper has posted the details here with a screenshot of the code with iframe links to a well known malware distribution site. The sites to avoid are:

Halloweensites.net, nwnlostsouls.com, vampirekits.com, and on the same IP address, but not a Halloween site, sudokugameboard.com. Other on a different IP address, californiaparanormalsociety.com and heatherclark.info are also poisoned with the iframe links. The links go to the domain and IP whois information at domaintools.com.

It's not clear to me if these websites might be hacked, or if they are intended to push malware, but I suspect they are hacked sites, especially since one of them, vampirekits.com, has content for the hosting company, Webair.com. Before posting this, I contacted the support phone number for the hosting company, Webair.com, and spoke to a support person who would not give me his name. This person said he was unable to do anything and I should email their abuse reporting address or call back in the morning. Not cool! Earlier this week I contacted another ISP about a hacked site, and the tech support people had the site down in less than 30 minutes, and that was about 3:00 AM their local time.

Patrick Jordan also posted information about the group behind the malware distrubution site, and listed other sites in the same group. All should be avoided.

Just this week we learned that Apple shipped some iPods with a trojan, (not to mention that Apple tried to push the blame on Microsoft.) In their announcement, Apple used the word virus, but it's more like a worm with a backdoor trojan component.

The name of the malware process on the infected iPods is RavMone.exe. Symantec has a good description here, calling it W32.Rajump. When I first read the description, the name was Backdoor.Rajump, but either way, its malicious payload is the same. On initial infection, the malware creates RavMone.exe in the Windows directory and puts itself in a Run key in the registry to make sure it starts with every Windows boot-up. Symantec says it open a TCP port and immediately tries to phone home to the following URLs:

Another example of very scary technology is the Gromozon rootkit, aka Trojan.LinkOptimizer. I'll write about Gromozon in the next article in the series.

Gallery: Nine more Firefox add-ons to try

Gallery: Nine more Firefox add-ons to try More Photo Galleries

http://content.zdnet.com/2346-9595_22-289082.html?tag=gald

Oracle critical patch FoxNews scareware Microsoft: Exchange 2010 beta today Office 2007 SP2 April 28

Microsoft: Exchange 2010 beta today Tier your workforce, save money

Jason Hiner: With industry giants like Cisco, Apple, Microsoft and Google racking up huge cash reserves, and the market price of many public tech companies on a "50% off sale", consolidation is in the air. Although the IBM-Sun deal fell apart, expect more tech acquisitions in 2009. These are most likely...

Photos: Cracking open the Dell Adamo More Photo Galleries

Apple releases third iPhone 3.0 beta

How to adopt iPhone in the enterprise

http://blogs.zdnet.com/Apple/?p=3697

Photos: The robot designs of iRobot More Photo Galleries

http://content.zdnet.com/2346-9595_22-288760.html?tag=gald

Last year I blogged about Ask's various toolbars and the trinkets Ask uses to get users to install them.  But Ben thinks there's a bigger problem here.  So I sat him down for an interview.

Q: Ben, what's the big deal with Ask's toolbars?

A: The core problem is that users are being tricked into installing them, under false pretenses.  Users are offered one thing, like "free smileys" or "top 10 cursors."  Then users end up getting Ask's toolbar too.

Q: Is that really so bad? You're not claiming these are security exploit installs, like what you documented last year. Users actually consent to these installations, right?  What's the problem?

A: The problem is that users' "consent" is obtained under false pretenses.  Ask gets users' attention with the promise of free tidbits that some users do indeed want.  Once it has their attention, it switches them over to something else -- namely, free tidbits plus a bundled toolbar.

Q: Sounds like the old bait-and-switch routine.  Is that illegal?

A: Ask most folks, and they'll tell you no.  It's all in the EULA, they'll say, so they think it's just fine.  I want to push back on that a bit.

I've recently been rereading old FTC cases about unfair and deceptive trade practices.  One that particularly caught my eye is Federal Trade Commission v. Encyclopaedia Britannica, Inc., 87 F.T.C. 421 (1976).  Here's what happened.  Britannica door-to-door salesmen had various ruses "to get in the door" into users' homes -- "door-opener" lines, they're called, because they get users to open the door and let the salesman in.  Apparently the salesmen often made promises about free vacations and the like.  It's thanks to these promises that consumers let them in. 

Now, ultimately the salesmen revealed that actually they were there to sell encyclopedias, albeit with some chance of a free trip thrown in too.  So the truth of the salesman's offer was made known prior to purchase.  But the Britannica case holds that that's just not good enough.  It's not enough for a salesman to talk his way in the front door with a deceptive opening line, planning to tell the truth later.  An honest sales pitch can't begin with a false or misleading offer.  Once a salesman uses such an offer to get a user's attention, there's no cleaning that up, however well the truth is disclosed later.

Q: That's most interesting.  How does this apply to Internet advertising?

A: I think the analogy is actually remarkably direct.  Ask's ads make promises like "free smileys."  But Ask no more offers "free smileys" (with nothing more) than the Britannica salesman offers a "free vacation."  To get (a chance at) a Britannica free trip, a customer apparently had to buy an encyclopedia set.  Similarly, to get an Ask free smiley, a user must install Ask's toolbar.  In both cases, the opening offer is materially misleading -- promising something that's just not available on the specified terms (a free vacation with nothing more, or free smileys with nothing more). 

In both cases the truth is made known later: Ask ultimately does explain that users must accept its toolbar too.  But as the Britannica case holds, that's not enough.  The initial offer was so different from the resulting deal that the confusion can't be cured by a subsequent disclosure.

Q: Is there anything else wrong with Ask's approach?

Sure.  I show Ask advertising its toolbars through other vendors' spyware, even after Ask specifically promised it had "cleaned up" its advertising practices.  I show Ask's EULA link appearing off-screen, even after Ask specifically promised it fixed that too. 

Q: What about the Ask toolbar itself?  Is it worth installing?

No.  I discourage users from running Ask's toolbars for two reasons.  First, Ask moves the browser's Address Bar from top-left (where it is found in every browser I've ever seen) to top-right.  Ask puts its own search box in the top-left.  So Ask's software makes it highly likely that users will accidentally conduct searches when they intend simply to navigate to sites they request by name.

Second, Ask's toolbar leads to landing pages that are objectionable in their own right.  Ask's landing pages show ten ads -- ten! -- above the first organic result.  On a 800x600 screen, that means 2 full pages of ads, plus a little bit more after that, all before the first organic result.  That's ridiculous.  No user deserves that, especially since organic results are safer than sponsored links.

Q: Ben, do you have any big-picture thoughts?

A: Definitely.  These "deceptive door openers" are remarkably widespread. Many online advertisers use these schemes to pull in unwary customers.  "See what happens next in this video," invite several widespread banner ads, only to require users to give an email address or install software to actually see the rest of the video.  That's materially different from what the ad specifies, and it's a rotten deal for consumers.

It's reassuring that our legal system already confronted this kind of tactic.  These deceptive door opener cases were litigated before I was born, but they stand for a valuable consumer protection principle that withstands the test of time.  Companies ought not begin their interaction with a prospective customer by making false statements, misleading statements, or statements with material omissions.  That's a lesson Ask (among many others) ought to take to heart.

Ben, thanks for the interview. 

The full article can be read here.  There's also a video, made yesterday, showing a non-consensual installation of the Ask toolbar. 

In Boyd's comments Dave Methvin of PCPitstop, explains what happens when affiliate cookies are overwritten and links to an article by Ben Edelman on "cookie stuffing". Dave writes:

[...] here's how it works. Someone goes to Zango and buys a keyword and/or URL to generate an ad. When an infested user goes to a site or page with the keywords, Zango generates a popup window with the "ad" in it. However, the ad is actually a redirect to a URL with a parameter indicating this is a referral from an affiliate--the affiliate that bought the ad from Zango! It overwrites any other affiliate tracking code that the site was using.

It hasn't been that long ago that the CDT filed their complaint to the Federal Trade Commission about 180solutions and their practices. One would think Zango would be minding their Ps and Qs, but maybe not.

"I don't believe user education will solve problems with security because security will always be a secondary goal for users," Gorling said. "In order for security to work, it must be embedded in the process. It must be designed so that it does not conflict with the users' primary goal. It can't work if it interferes."

Some of attendees agreed while others vehemently disagreed.

The trick is to know what you're talking about and to bring the information in a format people understand, said Peter Cooper, a support and education specialist at Sophos, a security company based in England.

"It is a long process, but if we admit defeat now we're just going to go to hell in a handbasket," Cooper said. "Education in every area works."

I agree with Cooper.  I understand trying to educate some users is like talking to the wall, but that does not mean we shouldn't try. I do know, from working with home users on my SpywareWarrior forum, where volunteers help users get free of malware, that some will probably never change their online behaviors, even when confronted with proof that their online carelessness is what got them infected. We had one user whose ID had been stolen by a keylogger and password-stealing trojan, and his bank account had been wiped out.  When told that he needed to update his Windows to Service Pack 2 and avoid file sharing, he insisted that he wouldn't change. Eventually we scared him into updating to SP 2, installing a bi-directional firewall, and scanning any downloaded files for malware before opening them. Getting him to update to SP 2 took about 2 months and literally scores of posts, but finally he did it.

There are some interesting points of view in the talkbacks to Evers' article, but the first commenter got it right.

EVERYONE, and I do mean EVERYONE, should be worrying about security. While at large corporations security is the primary concern of IT all users should be educated about it and be concerned about it.

At my forum, when we have repeat users, coming back for help a second or third time, I feel that we failed to properly educate them. It becomes frustrating at times, but we must keep working at educating users. To not do so is pure foolishness and inexcusable in my opinion.

Subject: Order ID : 37679041

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop. This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40

Order ID : 37679041

Payment by Credit card

Product : Quantity : Price

WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99

Shipping : 32.88

TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ). PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with Adobe Acrobat Reader. If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.

We hope you enjoy your order! Thank you for shopping with us!

Donna's Security Flash blogged this and it was posted at CastleCops security forum. I wouldn't be surprised if a lot of people fall for this. As the poster at Castle Cops said:

So you're sitting there scratching your head thinking "What order?" Boy oh boy... I sure as heck didn't oder no stinkin $2,449.99 Sony VAIO from Circuit City!

Really makes ya wanna open that zip file to see if you've been had, right?

The supposed PDF attachment is really an executable named 37679041.exe, which is detected by AV vendors by various names. Kaspersky named it Backdoor.Win32.Haxdoor.lf. Symantec detects it as Backdoor.Haxdoor.R and others are calling it a variant of Goldun.Whatever you call it, it's quite an evil piece of malware. Haxdoor typically uses rootkit technology to mask itself. Haxdoor is known to steal passwords, give a remote attacker access to the machine, may display advertising and often makes changes to the registry that lower system security. Some variants also disable software firewalls and anti-virus apps. McAfee has a report here.

Why did the security MVPs, including myself, object to Patchou's award?  Simple answer -- his app bundles adware and a rather nasty adware at that, best known as Lop even though Patchou and Messenger Plus! refer to it as the "sponsor". So what's wrong that?  The devotees say the adware is optional, which is true, but there's some guilt thrown at a user who opts out of the "sponsor".  The dialog says "I refuse to give my support, don't install the sponsor".  "Gee -- I must be bad if I don't install the sponsor." See SunbeltBLOG for screenshots.  Also Messenger Plus! is widely known to be primarily targeted at kids under 18, who cannot enter into a legal contract and likely would not understand the EULA, if they bothered to read it. 

So what is this "sponsor" software?  I downloaded and installed MessengerPlus! Live, including the "sponsor" to see for myself. Lop is primarily advertising software that spawns pop-ups on the desktop. Lop used to include a toolbar and change the user's homepage, but that behavior has been eliminated. The "sponsor" installer adds a fake bho (browser helper object) in the registry and creates a hidden job that starts IE in the background and launches another executable. I observed Lop to keep two instances of Internet Explorer running constantly, even when I didn't have a browser open. Each time I opened IE one or two pop-ups immediately appeared.  These pop-ups are not branded, unlike WhenU and Zango even. When I tried to terminate the two instances of IE, one or two other files would kick into action and restart IE, files with names like JugsRoam.exe and heart bend send dash.exe. You can see a list of file names used by Lop here. Lop frequently changes file and folder names in an attempt to evade detection by anti-malware programs. The EULA even contains a clause prohibiting its removal by other applications. The Lop processes continuously contact these domains, ayb.dns-look-up.com and ads.dns-look-up.com, which reside on an IP address owned by C2 Media, the makers of Lop.

It's no wonder that many of the anti-malware vendors call the "sponsor software" a trojan, Trojan Swizzor. 

SunbeltBLOG has some additional gripes about the "sponsor".

Ok, to those who support Patchou?  Fundamental problem:  LOP stinks.  And imagine someone installing MessengerPlus and getting that little cute icon to "upgrade your antivirus program" and getting an outright fraudulent scam.  Imagine that person being a relative of yours who doesn't quite know much about computers, and getting scammed.  Or getting popups they don't know the source of (because LOP does not disclose that the popup was generated by LOP, unlike even WhenU or Zango).  

Note the link to the desktop icons placed by the "sponsor".  One additional thing -- I mentioned earlier that a large percentage of Messenger Plus! users are under 18. The "sponsor" displays pop-ups that are entirely inappropriate to tweens and young teenagers, ads for AdultFriendFinder and the like. 

One of the best sources of technical information and history for Messenger Plus! and the sponsor software, short of installing it yourself, is from another Microsoft MVP, Sandi Hardmeier, who has chronicled Messenger Plus! and its changes for several years now. 

Personally, I think Microsoft made a mistake in awarding Patchou and did the right thing by rescinding the MVP award.  If Messenger Plus! wasn't bundled with adware, I would feel differently. I understand that Patchou has to earn a living and I hear that he is technically astute and an excellent programmer, but in my opinion, an adware distributor should not be given the MVP award, especially when the adware in question has such disturbing, trojan-like behaviors. 

SocketShield from Exploit Prevention Labs issaid to block the exploit.SocketShield has a 30-day trial and the free Link Scanner on their websitewill check any URL for theexploit code. Sleazy porn sites are using this vulnerability to drop massive spyware on unsuspecting users. Roger Thompson of Exploit Prevention Labs called it a "massive malware run" with "drive-by attacks hosing infected machines with browser tool bars and spyware programs with stealth rootkit capabilities."

SunbeltBLOG lists nearly 50 threats being installed though this exploit, including familiar names like Virtumonde, BookedSpace, webHancer, SurfSideKick, Qoologic (also known as Qoolaid), Zenotecnico, TagAsaurus, with some trojan downloaders and a backdoor thrown in the mix.Many of these use affiliate programs where the affiliate gets paid per install, so somewhere affiliates of these adware/spyware companies are making a killing off this zero day exploit, trashing computers with their crapware. I have not tested this exploit yet, but it sounds like kind of payload that would render the machine nearly useless.

At  the extreme ends of the scale, there are a few programs that don't detect cookies at all, including Microsoft's Windows Defender. PC Tools' Spyware Doctor is at the top of the list with the most cookies detected in Edelman's tests.

Why the fuss about cookies anyway? Some people insist that cookies are spyware. Walt Mossberg is one of those people. Advertisers are concerned because they say cookies are essential and necessary for online enterprise and that cookie rejection and deletion is harmful to the advertising industry and affects the bottom line. Some have accused anti-spyware vendors of fear-mongering to increase sales by labeling cookies as spyware. But when one anti-spyware vendor made cookie detection off by default, many users protested loudly.

My opinion is cookies are not spyware. They are simply small text files with no active code. But I do agree that third party cookies can be a privacy concern. I do not use anti-spyware programs to scan for and delete cookies. If the option is available to turn off cookie detection, I turn it off. But I do control cookies and delete the cookies that I see as having no value for me. I've tried several cookie management apps, and found WinPatrol to be the most convenient for my purposes.

I'd like to know readers' thoughts on cookies. Do you think cookies are spyware? Do you delete cookies, and if so, how do you manage them? Why do you delete them? If not, why not? Do you think anti-spyware programs should detect and remove cookies by default, or should it be optional, or not even part of the program? 

hosted at IP 194.187.45.56 located in the Netherlands, but research shows their software is installed from multiple IPs and subdomains.

]]> 6009000849 The Federal Trade Commission announced their settlement with Enternet Media for $2 million for putting spyware on users' computers.

'Defendants also are permanently prohibited from making misleading representations.' inserts new advertising toolbars or other frames onto their browsers, installs dialer programs, inserts advertising hyperlinks into third-party Web pages, or installs other advertising software code, file, or content on consumers’ computers.

The defendants also are permanently prohibited from making misleading representations regarding the performance, benefits, features, cost, or nature or effect of any type of software code, file, or content, including misrepresenting that the code is an Internet browser upgrade or other computer security software, music, song, lyric, or cell phone ring tone.

The order names Enternet Media Inc., Conspy & Co. Inc., Lida Rohbani, Nima Hakimi, and Baback (Babak) Hakimi, all based in California, whose software codes were “Search Miracle,” “Miracle Search,” “EM Toolbar,” “EliteBar,” and “Elite Toolbar.”

According to the FTC’s complaint, the Web sites of the defendants and their affiliates caused “installation boxes” to pop up on consumers’ computer screens. In one variation of the scheme, the boxes offered a variety of “freeware,” including music files, cell phone ring tones, photographs, wallpaper, and song lyrics. In another, the boxes warned that consumers’ Internet browsers were defective, and offered free browser upgrades or security patches. Consumers who downloaded the supposed freeware or security upgrades did not receive what they were promised; instead, their computers were infected with spyware that interferes with the functioning of the computer and is difficult for consumers to uninstall or remove.

The agency’s complaint also alleges that the defendants’ software code tracks consumers’ Internet activity, changes their home page settings, inserts new toolbars onto their browsers, inserts a large side “frame”or “window” onto browser windows that in turn displays ads, and displays pop-up ads, even when consumers’ Internet browsers are not activated.

The complaint against Enternet Media was filed last November. Case documents can be found here on the FTC website.

A description of Enternet Media's Elitebar, also known as Elite toolbar, is here on Symantec's site.

]]> 6009000848 Webroot released its quarterly report on spyware today, claiming spyware infection rates are at their highest since 2004. 

here complete with screenshots.

]]> 6009000847 SunbeltBLOG asks "Is Zango partnering with a bunch of sickos? " I won't repeat much what's posted there because it's too disgusting, but here's the first part.

unitedtoserve2005(dot)com redirects to a hard core porn site, search(dot)porn-info(dot)info, which offers “totally free porn videos”.

These are Zango porn videos — you watch them but get Zango spyware installed on your system.

More curious is that viewing unitedtoserve2005 with Javascript disabled brings up some very disturbing keywords, like the following (WARNING: very offensive language):

Just last week Zango was mentioned in the CDT report on adware advertising and the money trail. I've been so busy I haven't kept up with all the news (hence no blogging), but CDT report is certainly worthy of delving into. Meanwhile Paperghost is still on the Zango trail at Vitalsecurity. There's lots more on Zango and MySpace, Zango and Winamp, and now Zango video ads on The Guardian website. Recently Warner Bros. gave Zango a swift kick right out the door, so not all is peachy in Zangoland.

]]> 6009000846 Hot off the wires -- I just got a press release stating Washington State Attorney General McKenna filed a suit against Movieland.com and 3 associates, all California based companies, for "installing software that takes control of a consumer's computer by launching aggressive and persistent pop-ups that demand payment for a movie download service."  From the press release:

how to remove Movieland from your computer.

]]> 6009000845 Zango's videos have been found all over MySpace, along with a number of sites pushing Zango videos to MySpace users without disclosing the presence of Zango. Profiles named Zango were found on MySpace and Zango later admitted an employee created the profiles and said it was a "mistake". It looked like at one point that Zango was being pushed out of MySpace, but, alas, that has not turned out to be the case, per Boyd here.

When asked about their presence on MySpace, Zango spokesman Steve Stratz denied targeting MySpace to Information Week:

TechWeb contacted Zango for their response, and got Boyd's rebuttal to Zango. In typical Zango style, they dance around the issue and refuse to take responsibility.

]]> 6009000843 What does Vonage have to do with spyware? Ben Edelman has the answer to that question. In his usual meticulous style, Ben has documented with screenshots, packet logs and diagrams the relationship between Vonage and spyware. Vonage is caught being advertised by pop-ups from Direct Revenue, Targetsaver and others, sometimes not in the appropriate circumstances. (See spyware popping porn in all the wrong places) Ben notes:

Effie site seems to be unreachable at the moment, but perhaps someone ought to rethink that award -- why award a company that advertises with spyware? Ben notes that most companies don't necessarily intend to have their ads shown by spyware and has suggestions for how Vonage could stop their ads from being delivered by spyware.

]]> 6009000842 Last week I blogged about Pushing Zango on MySpace and linked to Paperghost's blog asking if teenagers are being unwittingly used to push Zango on my space.  It looks like Paperghost (aka Chris Boyd) managed to create a bit of a stir on the subject and now it looks like Zango is on its way out. Chris' blog managed to get digged, slashdotted and boinged all within a few days. SecurityProNews discovered the culprits behind the two Zango profiles on MySpace and guess who -- see Zango Admits to Placing MySpace Profiles. But, it was a mistake, of course. A Zango spokesperson was quoted stating:

ChaseAndSam.com.

]]> 6009000841 Chris Boyd asked the question yesterday, Teenagers used to push Zango on Myspace? It does indeed look like teenagers, and older MySpace users as well, are being used to push Zango and not making a dime for it.  But the Zango affiliates and Zango itself must be taking in lots of $$$. How is this happening?  There are dozens of websites, like this one, MYSPACE VIDEOS, (click at your own risk) offering free videos for MySpace users to put on their web pages. The catch is, when you click to watch a video, you get a prompt to download Zango. The html code is available right there on the page so MySpace users can copy and paste it to their own pages. Embedded in that code is a link to Zango and an ID, which looks like an ID for that particular video with an affiliate ID embedded in it.  Here's a portion of the code. I've broken the link for obvious reasons and removed a lot of characters from that ID.

Zango (180 Solutions) Abusing MySpace Users.  

]]>