Things have been quiet on the 180solutions front for a while, but now they are back in the news with Zango adware being pushed by a botnet, discovered and detailed by Paperghost at VitalSecurity, complete with screenshots. The story goes like this. The IRC topic set by the Channel OP happened to be a link to the executable, as seen in this screenshot, that starts the installation of Zango. It displays a EULA, as seen here, displaying "You're Good to Go", as seen on the Zango home page.
Zango – You’re Good to Go™
You’re already plugged in and ready to enjoy all the free ad-supported games, videos and downloads available with Zango! Enjoy unlimited access to thousands of videos, hundreds of games and dozens of downloads. No time-outs or purchase required ever! Thanks to Zango’s revolutionary advertising technology, Zango is able to support an ever increasing roster of content creators who are now able to share their creative genius with you – the millions of Zango users from around the world! Check out Zango.com to see it all and even share it with your friends.
I guess the botnet master took the "share it with your friends" seriously, but it's no act of altruism because he/she gets paid for each installation. I wonder if this distribution channel meets the criteria for 180's best practices as outlined here.
The botnet master is not only installing Zango. Another installer with an even bigger payload is being pushed. It installs SurfSideKick, Command Service (pop-up seen in the screenshot here), a rogue security app that displays a fake warning of security vulnerabilities, and so on.
Update: Techdirt is asking a very pertinent question -- 180solutions doesn't consider botnets rogue distributors?