Slashdot Log In
Adware Spreads Through Myspace
Posted by
timothy
on Mon Jul 10, 2006 08:57 PM
from the so-doesn't-that-make-it-really-ourspace? dept.
from the so-doesn't-that-make-it-really-ourspace? dept.
Sandbagger writes "Here's an interesting problem for MySpace — groups of websites that entice MySpace users into placing videos onto their profile pages (under the guise of 'free content'), without disclosing a key piece of information that might make them think twice. When someone visits one of these profiles carrying the video, a DRM acquisition box pops up and attempts to install Zango adware. In all likelihood, the profile owners don't even know these videos are doing this to their visitors. The end result is an Adware affiliate effectively removing himself from the distribution chain and letting kids promote these videos instead, in a strange example of viral marketing gone wrong."
Related Stories
[+]
Zango Caught in Lies About MySpace? 81 comments
An anonymous reader writes to mention that Zango's still under suspicion for problems on MySpace. ZDNet has the story, discussing rumours of multiple accounts, paid Zango hawkers, and mass emailings. From the article: "Boyd posted some choice snippets from the email, like this: 'Zango is fairly new with myspace sites and it took me some time to see what works and what doesn't ... more profitably, *go to a bunch of your friends* who have popular profiles and pay them (it's up to you so much. One of my partners said 5$..maybe offer to split the money with them?) to put a zango video into their profile through your site. This will give you hundreds of extra installs a day (this probably works even better than having them on your actual site).'"
[+]
Social Networks Attract Malware Authors 76 comments
Looks like the Zanga attack on MySpace last summer was a bellwether. Tiny Tuba writes, "Parents and social network users have one more thing to worry about. According to a
PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more." From the article: "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."
[+]
Zango Under Fire From Adult Webmasters 93 comments
An anonymous reader writes, "Over the past few days, adult webmasters have been accusing adware maker Zango of 'stealing sales' by means of the following method: Computer users with Zango's adware on board will pop open a window containing the affiliate merchant's site they happen to be on at the time, except with Zango's own affiliate code in the window. By doing this, Zango claims credit for the sale and the original, rule-following merchant, the one who referred the user there, loses out. Despite this practice having been around since at least 2004, it seems the adult webmasters are only just realizing this takes place — surprising, considering how deeply connected the worlds of adware and porn are. It seems pornographers pushing adware is acceptable only as long as they aren't the ones getting burnt. Part of me doesn't care, and part of me hopes they carry the financial clout to force Zango to change their current practices."
[+]
FTC Fines Zango $3 Million 77 comments
An anonymous reader writes "Wired is reporting that government regulators have fined rogue adware distributor Zango (formerly 180Solutions) $3 million. This is 'following charges that the company deceived internet users into installing its pop-up software and tried to prevent them from uninstalling it.' ZDNet mentions that 'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.' Security researchers are still happily finding examples of Zango software being popped open in rogue distributions such as IM worms. Ben Edelman is claiming to have more evidence of their dubious business practices, casting into question their claims of newfound affiliate responsibility."
[+]
Technology: Spyware Maker Sues Anti-Spyware Maker 158 comments
prostoalex writes "An 'online media company' Zango, which gained notoriety for redirecting adult affiliate traffic and the first ever MySpace worm, is now suing the anti-spyware vendor PC Tools, maker of an application called 'Spyware Doctor', for removing Zango applications off the consumers' PCs. 'According to a posting on a blog called Spamnotes.com, Zango is seeking at least $35 million in damages, alleging that Spyware Doctor removes Zango's software without warning users that it will be deleted. The lawsuit was filed Tuesday in King County Superior Court in Seattle, according to Spamnotes.com. Formerly known as 180solutions, Zango is trying to clean up its tarnished reputation. In November it paid $3 million to settle U.S. Federal Trade Commission charges that its software was being installed deceptively on PCs.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Is that a rhetorical question? (Score:5, Funny)
Re:Is that a rhetorical question? (Score:5, Funny)
Parent
Re:Is that a rhetorical question? (Score:5, Informative)
Parent
All good marketing is viral (Score:5, Interesting)
The same problem appeared on blogger a year back. I don't know if they ever got the problem under control (I learned to stop using the next blog button), but it was a real pain.
There are two problems here, first MySpace should get a clue and eradicate the infestations. Second IE should have taken steps against forced downloads back in 1998 when it was only realplayer and flash that kept asking if they could install fifty times a day. At least that was only a consequence of the pages having the active content rather than a deliberate attack to put the malware on the machine.
The reason I use Windows is precisely because you don't notice this sort of stuff if you spend your time using Firefox. I want to know the next attack while it is going on.
As an absolute rule it should never be possible for active content running in a user application to crap on the operating system internals. It should never be possible for any program to install itself in a way that is intended to prevent removal.
Windows is trying to introduce this separation but running a Windows box without access to administrator or super user privs is pretty miserable. And to an attacker super user is administrator in any case.
Parent
Re:Is that a rhetorical question? (Score:4, Funny)
Marketing is like rape to sex.
Or:
Marketing is always wrong.
Has a nice ring to it, that last one.
Parent
Re:Is that a rhetorical question? (Score:5, Funny)
Here we can see a fine example of the tragedy of the commons.
Parent
On that note... (Score:5, Insightful)
On Adware and Myspace: it was a pandemic waiting to happen. One of those nasty traits of a large populus, is that when something becomes sufficiently commonplace and comfortable, it becomes an easy target. It's my understanding that myspace is riddled with holes, bugs, etc. That being said, it's only a matter of time until those are found, and exploited.
Though I understand it doesn't end with Myspace, as the attack used is not explicitly limited to that social networking service; it simply is the vehicle for the delivery, and a prime candidate with a vulnerable userbase.
Unrelatedly, I heard a random statistic that said that some asinine percentage of the net's streaming video traffic was due to Myspace. I brushed it off, as, well, that's a sortof silly thing to take to heart, but I wonder if there's any truth to it.
Re:On that note... (Score:3, Interesting)
Re:On that note... (Score:4, Insightful)
And you could have walked up to any of them and said "Excuse me, I have a paper to write and I need this computer." And if they refused to give it to you, had them removed by lab staff. University computers are for academics first, and anyone who needs them for that purpose can boot off anyone who is just goofing off.
Parent
Re:On that note... (Score:2)
Re:On that note... (Score:3, Informative)
Re:On that note... (Score:2)
Re:On that note... (Score:3, Insightful)
I guess the fact that this has nothing to do with MySpace and is a problem with the design of Windows Media DRM escaped you? MySpace is being targetted because it's the culture there to put free videos of stuff you like on your profile page. There's actually nothing MySpace can do to stop this as far as I can see as the "problem" is simply that they make it easy for people to publish videos they like using Windows Media Player. Short of b
A real reason to block the site (Score:5, Interesting)
Technical details? (Score:5, Interesting)
Re:Technical details? (Score:5, Informative)
http://www.pandasoftware.com/about/press/viewNews
Parent
Re:Technical details? (Score:3, Insightful)
Well... what?
I read your Panda link. It describes how the malicious files get downloaded. It does not describe how they then get executed.
I assume that the real license files are pure data files which do not need to be executed after download (the opposite would be an incredibly stupid design decision). In that case, WMP should not have the fun
Re:Technical details? (Score:3, Informative)
You can tick a checkbox in the options to tell it not to automatically download license files.
As opposed to... (Score:5, Funny)
Strange because things referred to as "viral" so rarely go wrong.
Think twice? (Score:5, Funny)
With all the clutter on there already... (Score:5, Funny)
What's so particularly wrong? (Score:5, Insightful)
I'd hate this practice too, if it affected me, but why is it any more wrong, than any other children-targeted marketing (like advertising action-figures in between cartoons)?
Re:What's so particularly wrong? (Score:2)
The cartoon is the ad. The "ad" of which you speak is merely the phone number (to get mommy) to call, or the store to go to. Were you asleep in the meeting?
Re:What's so particularly wrong? (Score:2)
Re:What's so particularly wrong? (Score:2)
Should the viewers have more clue? Yeah, maybe. But they don't. And won't. And there are always new ones coming along to take their place.
Re:What's so particularly wrong? (Score:2)
Because the advertising you see on the TV won't embed itself within the TV without your knowledge and pop up ad after ad over the top of the show you're trying to watch (although TV execs would if they could...).
America really is growing daft (Score:4, Interesting)
People look at me like I'm a Nazi because I seriously don't think most Americans should be enfranchised. Let's face an ugly truth. Our founding fathers were right: most people are unfit to vote. This is a perfect example why. Parents and teens that by now can't handle their own security online are generally irresponsible people, and irresponsible people make terrible voters. Problem is that for every voter who has his or her shit together, watches their kids and is a good, solid citizen, there are 5 morons who will vote like sheep. That dilutes the power of the responsible people to guide society.
I'm personally sick of the MySpace crap. I don't know how we'd find a good criteria for mass-disenfranchising bad parents and most college-age people, but we need to find one. Society is going to hell because we let people who cannot take responsibility for themselves vote in people who won't take responsibility for themselves... and that's bad. These are the people with their fingers on the most powerful nuclear arsenal on Earth.
Learning how spyware gets you is part of using the Internet. It's like living in a big city and actively avoiding finding out where the bad sections of town are.
Re:America really is growing daft (Score:5, Insightful)
The reason people look at you like you're a Nazi is because once you start with "these people aren't fit to vote, I know what's best for them", then you start feeling entitled to make other decisions for them, such as what kinds of jobs they can hold, where they can live, and whether they are allowed to reproduce. The 'slippery slope' card is one that's too often use where it's not warranted, but this is a place where it's obviously warranted, by historical precedent.
Let me say this as clearly as I can: if you think you know better than me as to what's right in my life, fuck you. You have no place making decisions for me, or anyone else. Society really goes to hell, as in labor camps and mass exterminations, when we let right-wing ideologies like yours come into power. We've fought long and hard to get where we are today, and it makes me sick to hear you say that just because you don't like myspace. It's a friggin' website, for crying out loud!
Futhermore, the founding fathers didn't say that most people are unfit to vote. They specfically left out particular groups based on race, ethnicity and gender -- women, blacks, Indians, etc. They did not say that most people are unfit to vote. I would bet that you know, or at least know of, women and blacks that are certainly fit to vote by your standards, just as there are women and blacks that are unfit to vote by your standards. The problem comes when someone starts thinking their standards are the ones we should use to disenfranchise voters.
Parent
Re:America really is growing daft (Score:5, Funny)
It could also be the the little toothbrush mustache and the swastika armband.
Parent
Re:America really is growing daft (Score:3, Insightful)
First, the concept you're looking for is "authoritarian", not "right-wing". You'll find that authoritarians come in both left-wing and right-wing varieties. The two camps never agree on the problems that need to be solved, but they always agree on the solution -- more power for them, less power for you.
Second, YHBT YHL HAND.
Re:America really is growing daft (Score:5, Insightful)
The good news is that, to some degree, the problem is self-correcting. Those "unfit" to vote are the type that keep well away from the ballot boxes, since they're all too busy picking the next American Idol. In fact up to quite recently (quite possibly the GP post), I was trying to figure out why we didn't implement some sort of internet- or phone-based voting system. Then it hit me - the people who are too fucking lazy to either go down to the voting booths or get an absentee ballot if they can't make it are the exact type of people who will, without any question, vote like sheep. You can bet your ass that shows like American Idol, Big Brother and other call-in-/text-in-/log-in-to-vote shows wouldn't have made it to the second episode if their voters had to head to the town hall or other voting emporium to vote.
The counterpoint to that being that while you tend to keep the dumb sheep away from the ballots, those who have some hardcore feelings about a hot-topic issue DO flock to the polls to get something passed/rejected or someone voted in. Naturally, if you can't be bothered to vote then you've got no excuse when you're not happy with the outcome, but you'll still end up with some vastly unpopular things passed when people don't feel strongly enough to get out there.
The biggest problem is really that voting is just a popularity contest. In the last ten years or so, I've seen one candidate - ONE - who's campaign was "here's my stance on these issues, vote accordingly". Everything else has been "I'm great for pointless reasons x, y, and z" or "the other guy sucks for irrelavent reasons u, v, and w." How completely worthless. It would be one thing if you didn't agree with any of the candidates up for election, but it's something else when you're forced to go in blind because their multimillion dollar campaigning told you absolutely nothing.
Parent
a href's (Score:2)
basically, anchor refer tags do not always point to what they are supposed to. myspace is bringing back to the forefront lots of little details/problems from the late nineties from 'user' made websites, mostly geocities. it is reminiscent of when someone would like to
Holy smokes (Score:3, Informative)
Problem solved.
Re:Holy smokes (Score:5, Funny)
Parent
Myspace (Score:2, Interesting)
TreasureTrooper (Score:2)
Let me put in a shout for TreasureTrooper - no adware, but mobs of dorks are spamming YouTube video comment streams on their behalf
adware scanner (Score:2)
MySpace is a lost cause (Score:5, Interesting)
Sure enough, dozens of "Web 2.0" MySpace clones appeared, offering better features and the same "fight for the little guy" mentality that MySpace had become famous for. I expected those MySpacers would be off in no time. Being that I'm a tad too old (26) for those "wacky kids", I diverted my attention and awaited the sound bite that "the MySpace phenomena was over".
A year later, I'm still waiting. Meanwhile, the juaggurnaut that is MySpace continues to grow like WalMart on crack, and other News Corp properties (FX, Fox, Fox News) have jumped on the bandwagon. Call me naive, but I expected the "corporate parent" to stay well hidden from MySpace for fear of losing their main demo (Q: what are you rebelling against? A: what do you got?). Instead the opposite has happened: MySpace and fox passed the "sell out" threshold months ago, and millions more have poured onto MySpace as a result (I find myself meeting people well into their 30's and 40's with freaking MySpace accounts these days!).
So, the simple answer here in regards to the recent scam-ware MySpace epidemic is: duh. My opinion of those "60 million" antidisetablishmentarianist (take THAT grammar nazis) hit rock bottom awhile ago.
So why do I get so fired up about a website I never used in the first place? Because I give people too much credit, that's why. I was first exposed to MySpace by searching technorati and ending up in "the blogs". Believe it or not, not ALL MySpacers are completely illiterate retards. A few made excellent points regarding DRM, media and political collusions, and the evils of Fox News. But when all of this "dissent" can be bought up by "the enemy" in 5 minutes, and NO ONE EVEN CARES, it simply blows my mind.
But then I admit to myself that I still use Google, and therefore, am an ugly stinking hypocrite according to my own psuedo-morality.
In the immortal words of Homer Simpson: D'oh.
Re:MySpace is a lost cause (Score:3, Funny)
antidisestablishmentarianists
you: 0
grammar nazis: 1
hmmm... (Score:3, Funny)
Re:hmmm... (Score:3, Funny)
Q. Why won't the AIDS virus infect Scientologists?
A. Professional courtesy.
Terrible Article, Dead wrong (Score:2, Interesting)
The person (author of the article?) got a video link to a video from Zango which was DRM'd. The DRM is what makes your Windows Media Player popup that window. The file's DRM tells the Windows Media Player what URL to pull up. Anyways, all this person did was post a DRM'd video.
What a stupid article.
Gone Wrong, Indeed (Score:3, Insightful)
Schwab
wmplayer alternatives? (Score:3, Informative)
MySpace are no strangers to the Spyware business (Score:3, Interesting)
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
It sure sounds alot like it's describing much of what myspace is, and myspace is a "deleware company" in the US and subject to US laws.
As for their kind fondness of spyware, see the citations below for more info.
Birds of a feather they say.
http://www.intermixedup.com/ [intermixedup.com]
"Intermix Management and other Insiders sold approximately $25 million of Intermix stock in full knowledge that the New York State Attorney General (NY-AG), Eliot Spitzer, would soon file a lawsuit against the company for
certain adware promotion activity. Management and Insiders sold vast quantities of stock before disclosing this critical information appropriately to the rest of the marketplace. "
http://en.wikinews.org/wiki/Bloggers_investigate_
"Actually, MySpace had simply shut down and become ResponseBase-- as evidenced by the "Freebies" newsletter above. ResponseBase also used a list of 8 million e-mail addresses purchased from Xdrive for their newsletters. In 2002, ResponseBase was booted from their ISP as an illicit spam organization-- with Tom Anderson himself listed as their billing contact. And later still, ResponseBase would be renamed to MySpace."
"Intermix Media itself has a tangled history. In 2004, Intermix (then operating as eUniverse) was named as a spammer organization on USENET. It purchased ResponseBase, shut down its operations, and reformed it as MySpace. On April 28, 2005, Intermix was sued by the State of New York for installing malicious spyware over the Internet. According to their press release:"
Cross Posting on Myspace.. (Score:3, Interesting)
Anytime you cross post to content on another server you run the risk of a "switch" at anytime.
Re:just another reason... (Score:3, Interesting)
Re:just another reason... (Score:2, Funny)
your overconfidence is your weakness (Score:3, Informative)
Re:Isn't it worth it? (Score:3, Insightful)
FYI, most of them are actually guys. Older guys. With all kinds of cooties.