Interview with MySpace Zango Pusher Mark Arruda

You just never know what you are going to read when you go to Paperghost’s site, VitalSecurity.org, and today was no exception. He found a newspaper interview about this enterprising young webmaster that makes “big bucks” designing web sites. And apparently, this is the same individual who has been pushing Zango on MySpace users with their “video content”.

From the interview,

Just 10 short months ago, the 21-year-old Fairhaven resident was working at a pizza place and taking classes at Bristol Community College. He didn’t even have enough money to buy gas.

Mark’s newfound wealth comes from raking in big money making Web sites to enhance MySpace Web pages.

Sound familiar? Making web sites to enhance MySpace pages. It only says Mark earns income from advertising hits on his sites. And they specifically mention Yahoo, but nothing else.

From PG’s site,

Effectively, we have an open admission from the webmaster of these sites that the people most likely to install the Zango videos on their Myspace profiles and / or run them are under the age of eighteen, on the basis that if that’s the main age of his visitors, it stands to reason that a higher proportion of that age range would also interact with the Zango content.

Not only that, but despite the main age range of his user base being between 13 and 18, he is apparently not paying any attention to the Zango Terms and Conditions either and knowingly presenting his young users with Adware that requires you to be over the age of 18 to install it in the first place.

I don’t know how much more rope this guy needs to hang himself with here, but he’s doing a pretty good job of it. The question is, in light of this latest “revelation”, will Zango do anything about it?

I don’t think anything will be done by Zango, he will have to be shamed into stopping I’m sure, if that could even work.

I posted an entry in their forums to ask them if they would do a follow up to see exactly how he made his money, but the forum is heavily moderated and the post will probably not see the light of day. So, apparently the SouthCoastToday is not really a news site, otherwise they would be interested if one of their own was helping infect thousands of computers with adware.

Posted by Jimmy Daniels Posted in: MySpace, Social Networks, Spyware, Zango No Comments » August 2006

Banner Ad on Myspace Infects Over 1 Million Computers

In an article from The Washington Post, an ad for DeckOutYourDeck.com was using the Windows Metafile flaw to load a Trojan horse program that loaded crap from the PurityScan/ClickSpring family of adware. The users pc would then be bombarded with popups and their internet usage would be tracked, and, unfortunately, at least half of the available antivirus programs flagged this software as bad.

Using software that captures and analyzes Web traffic, La Pilla found that the installation program contacted a Russian-language Web server in Turkey that tracks how many times the program was installed, presumably because most of this adware is installed by third parties who get paid for each installation. The data there indicate that the adware was installed on 1.07 million computers, La Pilla said, adding that all seven of the Internet addresses contacted by the downloader Trojan appear to be inactive at this time.

La Pilla said he also spotted the ad trying to serve up adware on Webshots.com, a popular photo-sharing site. It’s not clear when this particular campaign started, he said, but an anonymous user at the invaluable CastleCops security forum posted information about a similar attack spotted on MySpace on July 12. Users at this online gaming forum apparently spotted the same WMF exploit being served via the DeckOutYourDeck ad as early as July 8.

So, it appears there are lots of users who haven’t patched their machines in awhile, since Microsoft made patches available in January. Most of these users are MySpace users, probably, and if they are like my kids, I make them use their own computers, so they probably don’t get patched and they get ate up with spyware/adware. Occasionally, after much complaining from my boy, I will re-image his machine and I will lecture him on how he is supposed to use the internet, which goes in one ear and out the other and he does it again. So far, learning the hard way is not helping him any, so maybe I need to come up with a new approach.

Posted by Jimmy Daniels Posted in: MySpace, Security, Social Networks, Spyware 1 Comment » July 2006

Vonage Funding Spyware

In one of his amazing and detailed writeups, Ben Edelman exposes Vonage as the spyware supporters they are, in this post How Vonage Funds Spyware.

I ought to be a Vonage enthusiast. I support Vonage’s efforts to protect network neutrality. I applaud their flexible voice over IP service and their efforts to compete with incumbent phone companies. I’m even a VoIP customer (albeit using a competitor’s service).

But instead of praising Vonage, I have to criticize them — not for their core business (which seems robust) or for their customer service (which others have repeatedly criticized), but for their reckless advertising practices. Vonage spends huge amounts on advertising — more than $20 million per month. (source) Unfortunately, among this spending is widespread and substantial spyware-delivered advertising.

For years, my manual and automated testing have documented Vonage ads appearing in all the major spyware programs. Now that Vonage has completed its IPO — itself promoted as a way to raise more money to buy more advertising — this page presents twelve recent examples of Vonage ads appearing in spyware.

The best way to kill spyware and adware is to stop supporting the companies that still use it, like Vonage. Legislation will be as as good at stoping spyware as it it at stopping spam, so the only way to get these guys is by cutting off their funding, and we need to do it now because the longer this stuff is around, the more used to it everyone will be and it will eventually be considered a cost of going online.

I also wanted to include this statement from the end of his article.

Last month Vonage won an “Effie” award for the “effectiveness” of its advertising campaign. I can’t speak to Effie’s criteria in granting this award. But advertisers might appropriately hesitate to praise an advertising strategy that, whether intentionally or recklessly, includes buying ads in spyware.

I know Google loves this part, a Vonage banner ad is injected into the Google homepage when requested from a PC that has Fullcontext installed. Wonder how much some businesses would pay to get one of their banners on Google’s homepage? Google should called Vonage and give them thier “rates”, especially considering they do not sell banner space on their site.

Added: The image at the top of the page after a user posted it on flickr.

Added: Spywareguide has posted a follow up to Ben’s article here.

I was intrigued by this question and what seems to be a relatively dead tactic coming to life the field. So I queried Ben for a discussion. In short he wondered aloud whether banner injection might be “the next big thing.” He told me that until this past month, he had only seen one spyware program injecting banner ads into others’ sites: DeskWizz’s SearchingBooth. but then this past month he found two more — FullContext and DollarRevenue. that’s a startling and rapid growth — suggesting there may be more to come.

Posted by Jimmy Daniels Posted in: Ad Injection, Online Marketing, Spyware No Comments » July 2006

Would you kindly shut your noise-hole?

The spin coming from Zango is amazing as always. Note: Chris, I like peanut butter cookies.

In an article from InformationWeek, Zango representatives responded to the Paperghost’s blog about Zango and Myspace, called Teenagers used to push Zango on Myspace?, here are a few quotes and spin from the house of cards that adware built.

Then Zango’s vice president of business development, York Baur, said that “we’ve fixed [those] problems to the extent they can be fixed. This [business] model works, and we’re very proud of the model we’ve built.”

Stan Monlux, senior director of business development, weighed in Monday on the MySpace issue by denying that the network’s accounts were allowed to register as partners — and thus receive payments — and arguing that it wasn’t up to Zango to police the sharing of its content.

“We get applications from MySpace account holders all the time,” said Monlux, “but MySpace has a policy of not allowing any third-party advertising. Partners need to own a top-level domain, as well, and obviously MySpace profiles don’t meet that requirement. Those two rules basically say that we’re not going to be contracting with anyone on MySpace.”

But, Monlux went on, Zango’s “invested significant financial resources creating content for people to share. We certainly don’t discourage sharing it.”

Of course they don’t, that’s there out, we don’t pay affiliates to push Zango on Myspace, but if a user grabs a video, we will pay the affiliate for it. How convenient. This effectively says push our videos, but make sure the users spread it for you, and what better way than to push these videos of amazing and funny stuff that looks great on a Myspace users webpage, stuff that their friends will want, and their friends, etc, etc.

Boyd’s contention was that unscrupulous Zango partners are getting MySpace users — many of whom are teenagers — to do their dirty work by spreading the necessary ad-tracking and ad-displaying software.

“Pasting the code for the [video] into the MySpace profile and having it auto play when you visit the page is enough to have the [Zango] license prompt appear,” said Boyd. “Easy as pie.”

But although a Zango EULA (end-users license agreement) pops up on coded MySpace profiles, it’s too easy for users to assume the dialog’s from MySpace, not an adware vendor, argued Boyd. He found more than two dozen sites similar to Myspace Graphics and “I didn’t see one actually mention the fact that in return for these [video clips], you’d be pimping Zango.”

That’s part of the secret sauce, they work on users assumptions, like those popups are coming from Myspace, or those EULA for those “great” videos, for all of their bluster about reading EULA’s, about helping sites make money, it all comes down to trickery and deceit. Every time someone installs one of their programs it’s because they accept the EULA just to get something for nothing, or so they think, or because they think it’s a license to use the video or just because they don’t know any better. I still challenge Zango to send me some email addresses of people I can contact who actually like their software, hell, just one will be fine with me.

“We know where Boyd and other like him stand, and they know where we stand,” Stratz said.

Ya, we stand for truth, justice and the American way, we don’t like being tricked, we don’t like seeing others tricked, especially kids, and we don’t like you and your spin, so as Bender says, “Would you kindly shut your noise-hole?”

And now, back at the Hall of Justice…

Added: Looks like the Paperghost wins again, the Myspace profiles have been removed and the guy who was “pimping” the Zango videos on Myspace has stopped. Wonder how they got him stopped so fast? Employee, maybe.

Posted by Jimmy Daniels Posted in: MySpace, Social Networks, Spyware, Zango 1 Comment » July 2006

ValueClick Takes on Zango, 180solutions, as an Advertiser

Was just reading Wayne Porter’s Summit Insight: Good Example Mr. Storm & Bad Example Mr. Zango where he congratulates Tim Storm for winning the Legends award, and he takes Zango to task for more of their “bad affiliates” bull crap.

The two sides — adware provider and security researcher — couldn’t be farther apart, and Zango’s Stratz made it sound as if that would always be the case.

“We know where Boyd and others like him stand, and they know where we stand,” Stratz said.

Yep I am one of the “others like him” and I am glad they know where I stand. Rule of thumb- Don’t stand on fault lines brother.

Yes we do, we stand on the side of the fence that says, treat us as you would want to be treated, and they are on the side that says We want all the money. It’s amazing the spin and bullshit that comes from 180Solutions, it’s never their fault, always an affiliate that others have to find and point out for them, I guess checking to see how their affiliates actually promote them is to much work.

Anyway, getting off track, it appears the parent company of CJ, Valueclick, has taken on Zango as an advertiser, so if you were a publisher for FastClick or Valueclick you can now thank them for paying you to install adware. That’s right, they show you banners containing amazing videos or car crashes, people falling etc, and it only costs you your computers well being. CJ had already kicked Zango to the curb, but that was when it was called 180Solutions, which in internet speak means “stab you in the back”, but I guess since Zango isn’t as familiar to most people they are trying to slip them in under our noses. This is ridiculous, wonder what kind of response I will get from Valueclick when I ask them what is up?

Posted by Jimmy Daniels Posted in: Affiliate Marketing, Spyware, Zango No Comments » July 2006

Browsezilla Inflates Your Pron

A free web browser, called Browsezilla, downloads adware to inflate page views on porn sites. The things people create to make money…

Browsezilla, whose name and Lizard-like mascot are reminiscent of the open-source Mozilla browser products, claims to help surfers cover their tracks when visiting pornographic sites. It does not use browser history or save data to a cache, and it allows users to save their bookmarks on a remote server, according to the product’s Web site.

However, Browsezilla also secretly installs adware that boosts the page view counts on certain pornographic Web sites, according to J.J. Schoch, director of marketing with Panda. “It’s being used deceptively to get more hits on their site,” Schoch says. “This adware opens a series of adult web pages, although they are not visible to the user.” Source: Yahoo

The makes of Browsezilla released a statement on their website, but have not answered requests for further comments on the Panda website.

As long as someone can make money from something, there will be abuse. I’m surprised we haven’t seen more adware/abuse considering the money that can be made from the porn industry.

PandaLabs has discovered that Browsezilla, a free web browser available on several web pages, infects computers with the adware PicsPlace, without users’ knowledge. This adware, which activates whenever a user starts up the infected PC, opens a series of adult web pages, although they are not visible to the user. This tactic is aimed at artificially increasing visits to these pages.

Browsezilla is an application similar in appearance to the widely-used Mozilla browser, and also uses a dinosaur as a logo, no doubt to encourage users to trust the application. Ironically, the creators claim that Browsezilla offers safer Internet use than other browsers, as it supposedly does not store the history of pages visited or favorites lists. To encourage users to install it, the official page offers an Internet search service. However, the search always results in a page advising that it is necessary to download the browser in order to obtain the requested information.

The objective of the creators of Browsezilla could simply be financial: the browser uses thousands of users to generate fictitious hits on websites, so that the owners of the web pages receive increased traffic and consequently more income. Part of this income would go to the creators of the browser. For users, the negative effect is reduction in bandwidth used to access the hidden pages. In addition, users could find themselves unjustly accused of visiting pornographic websites. Source: Panda

Posted by Jimmy Daniels Posted in: Spyware No Comments » June 2006