Categories

BitTorrent
Conferences
Direct Revenue
Julie Amero
Myspace
Podcasts
Postbag
The Big Ones
The Fourth Wall
Yapbrowser
Zango

Creative Commons License
All articles licensed
under a Creative
Commons License.  








Home | About me | Press | The Fourth Wall | Links

Monday, November 06, 2006

Trojan serves up Zango Videos - another rogue affiliate?

Do you want to see Zango content served up in dubious circumstances yet again? Well surprise, it's your lucky day because hot on the heels of this shambles we're about to go Trojan crazy. I guess someone needs to iron out the final few kinks in that all new and improved affiliate program, eh guys?

There's a file currently doing the rounds (by Email, so I'm told) that does some wonderful things to your computer. By wonderful, I do of course mean HORRENDOUS. Your IE Homepage is changed to a dubious search engine that pulls up both Yahoo and Google results (and tries to install some craptacular software), a bunch of dodgy sites are added to your Trusted Zone and you get a huge-assed Toolbar installed along with a load of popup action in the background.

Most interesting of all, when this thing first hits you see the page open up in the screenshot above - that's right, a massive page of Zango videos. In addition, an Icon is added to your Start menu that opens up the above website too. It doesn't take Sherlock Holmes to realise that whoever made the Trojan is directing people to their Zango affiliate videos - making a tidy profit into the bargain, of course.

The sites to the left are some of the entries dropped into the trusted zone - you'll get all manner of hornyporn related popups after this infection hits the system. There's also a few IE shortcuts dropped onto the desktop, containing the kind of ruderies your mother warned you about - and when you open up Internet Explorer for the first time, you'll see that your homepage has been changed to a completely awful search engine thing. Check it out:

Great, you get hijacked AND go crosseyed but that's not all - it'll randomly try and install various files onto the PC. Even if you reject the initial install from this site, you'll still find to your horror that another install was underway in the background in any case.

Did you want a toolbar with your hijack, sir? No? How about a FIFTY FOOT TALL TOOLBAR that includes all manner of hopeless features and a suspicious ability to "store your login details"?

If that's what you actually required then you're in luck, because check out this little beauty:

...hooray.

Let me ask you this - would you entrust your login details to this thing? It supposedly pops up when it thinks you're on a site that requires password details, so it may (or may not) extend this wonderful feature to banking sites and the like (I haven't had a chance to test it out yet). Now, the toolbar may be entirely legitimate but seeing as it appeared via a Trojan with no notification I think I'll stick to remembering all my login passwords, thanks.

Anyway, eventually the popups will start to hit and before you know it, you'll have about 8 or 9 IE windows demanding your immediate attention. Unfortunately, they're all popunders and can't be opened so you get to enjoy the fact that you don't actually know what any of them are up to. Yay!

Finally, because of the sites added to your Trusted Zone, check out the popup in the final screenshot:

....MORE Zango videos! This time round, they're not crappy movies of celebrities - they're crappy movies of porn stars instead and as a result I had to blank out the ruderies. The things you do in the name of research, eh? Still, money in the bank for the lucky affiliate.

You know the drill by this point - I've lost count of the number of times I've closed with this particular ramble but let's dust it off and give it a spin once more -

This is yet another example of what looks like a Zango affiliate using dubious tactics (at best) to make a quick buck. In this case, an Email based Trojan that makes numerous unwanted changes to your system settings, dumps a load of crappy sites both on the desktop and in your Trusted Zone, puts an icon in your Start Menu that opens up a Zango movies page and pops up adverts for hardcore Zango videos in a random fashion. Add the strange (and rather large) Toolbar with it's frankly scary "password storing" features into the mix and you have the makings of another bad screwup for the Zango guys. I'd like to close by saying that I'm available for weddings, funerals and rogue affiliate policing.

Thanks to Peter Jayaraj, FaceTime Security Researcher Extraordinaire for finding this one.

Labels:

posted by paperghost at 5:15 PM | Digg it!

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.