Types of Adware: Zango
It seems as if no place on the internet is safe from adware, even popular social networking sites. Secret Crush, a web-based application more commonly termed as a widget, was found said to be in violation of Facebook's terms of service because of its adware characteristics. This deceptive widget captured people's attention by displaying this message, "One of your friends has a crush on you!", tempting them to click on the pop-up window. Intrigued by the thought of developing a new internet friendship, users were tricked into completing several steps only to find a free horoscope service waiting for download. Those users curious enough to proceed were eventually infected with Zango, an infamous adware program. This program was said to function as spyware, monitoring their web browsing habits in order to launch targeted advertisements. In the end, nearly 4% of all Facebook users had installed the software, amounting to well over 1 million downloads.
Zango, formerly associated with names such as Hotbar and 180solutions, is one of the leading distributors of adware. The company develops software that provides users with business resources and games, along with DRM (Digital Rights Management)- restricted music and videos. Zango has also been at the center of recent controversy. Last November, the company settled charges with the FTC for $1 million. The Federal Trade Commission stated that Zango used a number of deceptive methods to install adware programs while obstructing users from removing it, making their operating a violation of federal law.
Many security experts have listed a number of undesirable activity associated with the Zango Easy Messenger, the company's instant messaging utility. It reported to behave as a spyware application by reporting user behavior, automatically functioning during startup, displaying pop-up ads and installing other adware components.
In 2006, Websense Inc., a prominent anti-spyware vendor, issued a Zango-related security advisory. The report stated that several user pages on the MySpace website were compromised with adware. Apparently, the Zango Cash Toolbar was secretly bundled with video stills that appeared to be from YouTube. After clicking on the still, users were directed to a copy of the video, which was normally operated by rogue sites hosting spyware.
McAfee warns that while several Zango programs may have legitimate purposes, they should still be used with caution. The software vendor classifies Zango software as PUPs (potentially unwanted programs) that may function as an adware downloader.
A Word of Warning
Considering the increasing amount of infections on the internet, the detection of malicious applications on Facebook and Myspace should come as no surprise. As these social networks ascend to greater levels of popularity and attract more users, they are sure to attract more adware and spyware as well. Although Facebook no longer does business with Zango, the threat of infection remains with new threats such as My Admirer, an exploit similar to Secret Crush. This recent wave of infection goes to show that having a false sense of security on what appears to be an innocent website can be very costly in the end.