"I "played" with it several times, and it always displayed the same Zango ad ("crush calculator"). The secret crush authors are indeed the ones to blame; Zango reacted that violently because they just got convicted by the FTC for not being able to control their affiliates methods. Which is what happened here."
If only they'd tried to post this earlier when the comments weren't working.
If only they'd realised the first thing I'd do is check for IP addresses on "anonymous" posts to that already incendiary topic.
I've blanked some info out from the following information, but here's the important part:
inetnum: Removed netname: FORTINET descr: NICE country: FR person: STEPHANE PEREZ address: FORTINET address: 120 RUE ALBERT CAQUOT address: 06560 SOPHIA ANTIPOLIS address: France
....wha? The above address is for something called the EMEA Tech Support and Training Center, listed here on the Fortinet Contact Page. Note that although there is apparently someone called "Stephane Perez" who works for Fortinet, that's not necessarily the individual who posted the above comment.
Seriously, pack it in, whoever did it. If the above poster had disclosed some sort of affiliation to Fortinet, would their post still have been written like that? Of course not.
If people want to get into some sort of covert ops spin campaign over this, fine - be my guest.
But oh my God, don't even think about doing it on my site.
Like everyone else, I went "ooooh" when I first heard about this. For those who don't know, an application on Facebook - when you installed it - "installed Zango spyware" (according to the numerous writeups), meaning the Zango Adware was the final destination, the main reason, for making this application in the first place.
However, Zango came out swinging with their latest blog post and also claimed they have no affiliation with the makers of the Secret Crush application, which seems a little odd considering the maker of the application would have no direct incentive to install their Adware if they didn't have an account with them.
They also posted up a screenshot that seems to show the application merely showing randomly selected adverts - not just an advert for Zango.
If that's the case, then this whole thing just puzzles me because it immediately looks more like
Install application > application opens popup advert > popup advert calls adspace purchased by companies to display random advertand less like:
Install application > GET JACKED BY ZANGO, LOL
...so, once and for all, can anyone who played with this thing - because I haven't - set the record straight?
In it's original incarnation, did this application
A) open a box for Zango and only Zango every single time it was tested, or
B) did it just happen to randomly show a Zango advert (out of a big pile of other things it could have displayed)?
I'm all for talking about the dangers of social networking sites, but only when something is directly trying to exploit you and mess things up for everybody with an actual attack of some kind. All this pandemonium and (potentially needless) worry about Facebook is a step in the wrong direction IF it turns out all Secret Crush does is display a cycle of generic adverts in a popup box.
To be honest, whether the correct answer is A or B, the thing that's really important here is being left by the wayside, which is this:
.....yes, the part where you give the clowns who made the secret crush application access to "know who you are and access my information". If they're happy to experiment with popups that display adverts when you install their application onto your page, I'd be a damn sight more worried about exactly what kind of information they gain access to - and what they can do with it - when clicking the "Add secret crush" button.
Don't get me wrong, I've spent a long time calling out Zango on really stupid things, and will continue to do so when they come to light - but I'm wondering if we're currently stringing them up for being the wrong advert in the popup at the wrong time, as opposed exploring who the makers of the Secret Crush application are instead.
...and now that I just ruined the 90s for everyone, while browsing user profiles on Youtube I saw the following videoclips:
....nice! Gotta' love those keywords, too. I should point out, that picture from the first video isn't what you think (it's some dude twiddling his armpit....yeah, don't ask).
So anyway, you think fake porn comedy armpit twiddling is awesome and you want some more. In a fever pitch of armpit action, you type in one of the blogspot addresses mentioned aaaand.....
....uh, I've won a what now? Did I just click a Myspace spam link or something? Well, no. What happens is, you get redirected from the Blogspot link to a site called Trashclips. But wait! Scroll down a little and...
......"Jennifer Connelly Sex Scene"? Oh my, click the link! Click the liiiiiiiiiiink!!!!!
.....whoops.
And what the Hell is wrong with Rachel Weisz in that pic? She looks like she's on the toilet or something. Yeah, go on. Scroll up and take a look.
.........there you go.
And now that you've seen Rachel Weisz looking stupid, let's finish the whole shambles off with the only sight that's worth taking in:
....Biff Bam Pow!!
On a related note, I think I might have to paste in that Batman dude every time I pwn somebody from now on.
...to this post, can be found here. To be fair, I do appreciate Ken not only replying to the concerns that made me post there in the first place, but also responding with a separate follow up post too.
....I saw this post by Zango CTO Ken Smith, and I just had to reply.
For what it's worth, I actually agree with a lot of what he says. But then I get to this:
And so it goes. Forum postings like these are to be found everywere, but blog postings that encourage painfully manual uninstalls are common as well. Most egregious are the official-looking postings from various online security companies which insist (explicitly or implicitly) that Zango can only be safely uninstalled by shelling out $30 for their product.
....and then I am annoyed. Talking about scammy marketing practices, poor information, screwy security tool removal attemps and general Internet crapulence and then you go and LINK TO SPYWAREGUIDE?
Oh man, I am so posting there. This is what I left....
"You know, I agree with a lot of what your post says and I've even defended Zango in the past when blatantly false information has been put into circulation.
However, given the general tone of the piece - talking about spurious and / or misleading information - my eyes rolled when I saw you linking to, of all things, a page from Spywareguide with the insinuation that a FaceTime app, X-Cleaner, is little more than a 30 dollar ripoff demanding payment as the "only" way to remove a Zango application without using Zangos own uninstaller.
X-Cleaner actually attempts to uninstall an unwanted piece of software/adware/whatever with the products OWN uninstaller first, before resorting to ripping it out by other means.
Furthermore, the Free version of X-Cleaner actually does remove something related to Zango without payment, Zango Messenger, according to one of my researchers.
So not only do we *not* attempt to bypass your uninstaller and thus break your application via a borked removal where possible, we *don't* demand cash to remove every single one of your products either.
In fact, the page you link to doesn't even *mention* downloading an application, or paying, or anything ELSE for that matter.
Yet here we are, linked to in an article talking about misleading information, "official looking postings" and poor uninstalling practices.
I think its entirely fair for the Spywareguide page to inform customers what applications remove the program mentioned, don't you? It's hardly like the page is beating you over the head with BUY THIS NOW though, is it?
So again, of all the crappy applications, spurious marketing gimmicks and generally poor pieces of information out there that you could have linked to, why did you decide to run with a link to Spywareguide in such a context?"
"We understand that inappropriate advertisements are appearing on a small number of user computers on Web sites across the Internet, including abc12.com.
The source seems to be Spyware. Some web users may have inadvertently installed Spyware (commonly known as Zango or other third party Spyware) without knowing it by viewing a video from a disreputable Web site, playing a game or downloading an application such as icons, smiley faces or other software.
The links on this page do not indicate any endorsement or approval of any software, manufacturer or course of action when dealing with malicious software."
....wait, "spyware", "disreputable" AND "malicious"? I love the smell of legal jibber-jabber in the mornings...!
....A Zango related press release? Why is some press agency sending me a.....no, never mind. My brain is already hurting. Let's see what it says:
"Hello,
Wanted to alert you to a new advertising format available from online media company Zango. Similar to an instant messaging (IM) notification, the new desktop advertising vehicle slides targeted, time-shifted ads ("slider ads") onto the user's desktop from the lower right-hand corner of the screen. Through this new format, Zango expands beyond its traditional toolbar and pop-up-style ad deliveries, giving thousands of advertisers yet another mechanism by which to reach consumers precisely when and where they are most likely to make a purchase.
Please let me know if you have any questions or want to learn more - I'd be happy to set up a briefing with (some dude), Zango's Senior Vice President of Sales."
......um.
Let me get this right......you decided to send a press release to me......Paperghost......known for my enthusiastic response to all things Zango.....who happens to work for an Instant Messaging Security Company.....to tell me about how awesome Zango's new adverts....that look like Instant Messaging Notifications......will be?
There is something faulty in the logic employed above. See if you can spot it.
I've had a few people email me telling me about a site claiming to do something similar to Block Checker (remember that thing?) Basically, the site asks you to enter your login details (username and password) onto the site, and it'll....tell you who is blocking you.
Wow.
And of course, all of these sites claim 100% that they DEFINITELY won't do anything screwy with your login details afterwards, oh no. Well, the site in question this time round is this thing:
And, as you can see here and here, there's a whole bunch of domains related to this site that all do the same thing: ask for your login credentials, effectively breaking the Live Messenger TOS regarding keeping your login credentials secret. Whoops. They also use the well worn tactic of changing the users login name to something pimping the website URL - to be more accurate:
"(URL goes here) <-- Find out who deleted you from the MSN without noticing it."
Now people's opinions on this may vary, but to me, that's as close to using the network to spam as makes no difference.
Note also the "Scan Now" button - a nice touch, except there is no "scanning", it just re-prompts you to enter your login details.
Their Terms and Conditions are mostly comedy gold:
"ScanMessenger does NOT perform "Pishing" (SIC) and does NOT store passwords or emails. It is not legally or otherwise related to Microsoft Corporation, MSN Messenger, Hotmail, Hotmail Live Messenger or corporate webs owned by Microsoft."
...so, they don't do "Pishing". I don't know whether to be relieved or worried.
From the sign up form on their extra services page (which will send you Email based advertisements ftw):
"CheckMessenger.NET does not assume responsabilities from the incorrect, inappropriate or illegal usage, or from the lack of truth, integrity, update or precision of the information found in the web site's pages or the results provided from them."
Bolded by me for emphasis. Also, HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA.
"If any person considers that ScanMessenger violates any current regulations, provision or norm, please CONTACT us before taking any measures that may harm the site."
.....in other words, what we're doing might be violating some random policy somewhere, but we demand you shut your mouth up about it anyway. Shouldn't they have, you know, worked out themselves if they were doing anything contrary to the MSN Live Network TOS before going live? Hi, here's the TOS, you're asking people to do something that might break them, the end. Thanks. If people want to complain about it (or indeed highlight what you do) then they will. Sorry.
However....that's not the end.
Eagle eyed readers may have noticed what can only be described as a choice piece o' booty jiggling around on that screenshot. I wonder whose videos those are?
Yep, all the ads on the site(s) that I can see are Zango ads. Not only that, but the majority are clearly aimed at the, er, older end of the market. Here's some (probably not-safe-for-work) examples (1, 2).
Now, if you want a big ole plate of boobs, fine. Go nuts. But this does rather beg the question, if this site is serving adverts of a more adult nature, why the Hell are people spamming this thing on Teen Websites? Here's some spam, and here's some more. Enjoy your tits, kids!
In fact, here's more spam (scroll down to the last salvo of comments) - one of the spammers leads to a completely empty fake blog thing, the other leads to a page on Fotolog that's been deactivated for being naughty (probably). There seems to be a lot more spam out there regarding this, too.
In my humble opinion, we're increasingly happy to hand over our login details to pretty much anybody these days. From a security perspective, this sort of thing screams out "accident waiting to happen". I wouldn't touch this "service" (or any others like it) with a fifty foot bargepole.
I happened to see some incoming links from a domain I'd not seen before - Zingozango.com - and when I got there, all kinds of crazy stuff was going on.
Basically, some guy in Canada doesn't like Zango very much. He then took the step of complaining about Zango on Zingozango.com (which he claims he registered long before he knew anything about Zango) and also allegedly linked to tools that would remove their products.
Zango aren't too pleased about this, and apparently hurled him a C&D. His reply was that, and I quote, "The Zango Trademark Compliance Team can kiss my ass".
It'll be interesting to see how this one plays out...
I was digging around on Wikipedia, and happened to notice someone repeatedly editing the Zango page. Someone kept removing Co-founder and CEO Daniel Todd from the Company Information section, with the curious note "There have been changes to the management team".
There's no indication as to who keeps putting that, or why.
Of course, it's unsubstantiated Internet rumour at this point, but it's a rather odd thing to post if not true. Anyone out there know anything about this?
This is a file courtesy of 180 Solutions (Zango) deposited onto my test PC with not even a squeak of notification. The source? MSN-Emotions.org, a crappy Smiley website thing.
This is just one issue in a rather large collection of tough questions that Zango will need to address here, courtesy of Ben Edelman.
Similar to the junk here, these things are made to look like YouTube style video boxes that you'd reasonably assume would play a video when pressed. Right?
....nah.
When you click it, you're taken to....
Now colour me stupid, but those video boxes say "Share". However, as far as I'm aware, you can't"share" Zango videos (in the sense of pasting YouTube videocode onto your site, which is what these adverts clearly insinuate).
"Along with those ups and downs has come a fair amount of bad press and we've even managed to attract our own little, dedicated band of detractors. I'm quite certain that those detractors will comb over this blog regularly for any ammo they can find to continue to throw spears at Zango and at me."
For some reason, Zango going head to head with Kaspersky wasn't as widely publicised as the PC Tools thing. With that in mind, here's a sample:
"In its TRO motion, Zango asks for mandatory relief--i.e., that Kaspersky USA remove Zango from its list of suspicious websites and otherwise modify the anti-virus and other security software. The problem, however, is that Kaspersky USA has no ability to do so. The security software is designed, developed, and maintained by a Russian company, Kaspersky Lab ZAO ( Kaspersky Moscow ). Kaspersky USA is merely a non-exclusive distributor of Kaspersky Moscows products, is not an agent or subsidiary, and has no control over or ability to modify the software. Zango has sued the wrong company."
...they sued who on the what now?
Anyway, there's a lot of documents that have hit the net since yesterday about this so here's a handy timeline (minus time, so it's actually more of a list):
1) The original suit is filed by Zango against PC Tools.
2) PC Tools and Kaspersky respond to the TRO applied for by Zango. Here's a link to two PDF documents that set out the case for both of the above.
3) Zango's request for a TRO against PCTools against PC Tools is denied. You can tell it's been denied, because the document ends with the word DENIED in big letters.
The latest piece of garbage floating around Myspace - full writeup here - is bad enough. Fake Windows update box overlaid on random profiles, that takes you to a hijack involving rogue antispyware cleaners.
However.
Given that recently Zango filed legal thingies against PC Tools and Kaspersky for rating / classification stuff with regards their Adware as "elevated, malicious risks" - I do wonder.
What will they do here, where a rogue antispyware application is placing what are effectively dummy files pretending to be from 180 Solutions (amongst others) onto PCs so their rogue cleaner can "detect" them in order to have the hapless end-user pay to "remove" them?
Could Zango be about to take a rogue antispyware vendor to task? That would be pretty interesting...
After doing some digging on a rumour regarding a new bunch of infected Torrents doing the rounds, I happened to stumble across a spectacularly distasteful forum - and by "spectacularly distasteful", I do of course mean nine solid pages of links to "rape videos" (clips ripped from movies, pornos etc), amongst other things such as general discussion, videogames and, er, Bollywood movie news.
Nice combination.
While there, I noticed the site had a rotating ad banner that randomly served up ads for free laptops, luxury cruises, smileys etc....you know the score. Well, I happened to see one or two ads appear in the rotating ad banner thing that happened to resemble YouTube style movie players. Generally, this means you can be sure that, whatever else, clicking the ad will NOT take you to YouTube. Eventually, curiosity got the better of me - would this be some hot new install? - and clicking one of the ads took me to....
Zango.com, with this particular page pushing Pamela Anderson movies. Apart from the creepy forum that took me there via the ad rotator, what I'm really curious about here is, after the series of events that took us to this (and then this), you'd think clickthrough-ads-looking-like-YouTube would now be looked at as something to be avoided like the plague.
Categories
