Snopes Pushing Zango Adware

DaMan writes "Here's something that isn't an urban legend — Snopes, the popular urban legends reference site, has been pushing adware, for at least 6 months, to users via ads displayed on its Web site. No one seems to have called them on it until recently."

I hear...

[Landshark17 (807664)]

They also run spam servers... http://xkcd.com/250/ [xkcd.com]

Re:I hear...

[kentrel (526003)]

I read that comic too a few weeks ago, and did some research to try and verify it, but couldn't find any significant evidence.

Anyone find any?

Re:

[Jah-Wren Ryel (80510)]

I read that comic too a few weeks ago, and did some research to try and verify it, but couldn't find any significant evidence.

I think humor is not your forte.

The joke is about Symantec and all of the other anti-virus/mal-ware companies. The urban legend is that they are in cahoots with the virus writers in order to keep their anti-virus business in business.

I think it is at least as true as the FBI looking the other way when their informants commit 'petty' crimes because they think that getting the big fish is worth it.

Re:

[kentrel (526003)]

Oh now I get it..

Humour is my forté. However, humour about the inner workings of anti-virus and mal-ware companies is still on my to-do list. Know any good stand up albums I should listen to? I hear Symantec Kinison is really good. :D







I'm sorry I'm sorry I'm sorry I'm sorry I'm sorry. I'm sorry I'm sorry I'm sorry I'm sorry I'm sorry

Re:

[argiedot (1035754)]

Humour about the inner workings of anti-virus companies may not be your forte, but placing accents on random letters certainly is ;)

Re:

[_KiTA_ (241027)]

They also run spam servers... http://xkcd.com/250/ [xkcd.com]


Meh, I read somewhere that that was debunked.

Re:

[Planesdragon (210349)]

It's a non free software problem. Free software users don't have to download software from untrusted third parties. No closed source software can be trusted, so Windoze users who don't get software from Snopes ads should not feel so smug. There is very little difference between M$ and Zango.

Sheesh.

1: Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party.

2: Spelling it "Windoze" and "M$" just makes me think you're a moron. You're not a moron, are you? Why would you want me to think that?

3: Microsoft takes my money and gives me software that is as good or better than what I can get elsewhere. (Otherwise, I don't go to MS.) Zango would take my privacy, and give me... what, exactly? Third-

Re:

[WhatAmIDoingHere (742870)]

Don't encourage Twitter. Pity him, sure, but don't encourage him.

Re:It's not a Snopes Problem.

[palegray.net (1195047)]

Spelling it "Windoze" and "M$" just makes me think you're a moron. You're not a moron, are you? Why would you want me to think that?

Hey, man, ease up. My bro there sounds like a mature man of 14 wise years. He's just tryin' to lay the truth on you, for real. He ain't gotta do no code review, he got that shizzle memorized, yo. He's pimpin that junk in binary, it ain't even on our level. True talk, he's down with the open source life-style like a mutha. He's the kind of real playa who's got spreadsheets printed out all over his bedsheets, in ODF format for sure.

Microsoft better watch out when he rolls deep with his leet skillz, he'll bust a cap in that closed source shiznit. Word.

Re:It's not a Snopes Problem.

[thetorpedodog (750359)]

Word.

Surely you mean "OpenOffice Writer", my home-dawg?

Re:

[ricree (969643)]

Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party.

That's true to some extent. There is, however, a large difference. In closed software the third party you are trusting is often limited to the people who actually wrote the code. In open source software, you just have to trust that some people out of the many on the internet capable of understanding the code have actually looked at it, and that at least one of the people who looked at the code would call the project out on any suspect parts of the code. Personally, I'd say that the second set of assum

Re:

[bfields (66644)]

"Unless you went through the code yourself, don't trust it. Maybe you can trust the maintainer of that code, but either way you end up trusting a third party." I've never read through Wiles's proof of the Fermat conjecture, but I'd still bet my life on its correctness, because I understand the process by which it was reviewed. I don't claim free software is free of problems. But, other things being equal, I *do* trust code that I know could be publicly reviewed by anyone over code that couldn't be.

Re:

[ArsenneLupin (766289)]

Microsoft takes my money and gives me software that is as good or better than what I can get elsewhere. (Otherwise, I don't go to MS.)

Simplistic really. There is plenty of reason why to get a product besides its quality.

How about:

1. you don't know any better
2. it's foisted on you by your PC salesman (in many places, it's still exceedingly difficult to find a Windows-less PC)
3. it's foisted on you by your employer
4. it's foisted on you by the manufacturer of a gadget that you like or by a radio station that you like to listen to
5. some of your personal (digital) belongings are being held hostage by MS because at some point in the past you were im

Re:Who would care?

[Tim C (15259)]

I'll field that one. My experience of people who seriously use terms like M$ or Windoze (or open sores for that matter) are generally either trolling, morons or fanatics (or some combination). In any of those cases, there seems to be little point to trying to have a constructive, reasoned argument with the person.

This sounds fake...

[by Anonymous Coward]

Maybe I should go check an urban myth site to see if it's real...

Turncoat!

[Misanthrope (49269)]

Stay good Snopes! Stay good!

Re:

[hiryuu (125210)]

You forgot the <kiki></kiki> tags... :P

Coincidentally...

[by Anonymous Coward]

"Pushing Zango" is Dominican slang for having sex with an elderly woman. It's true.

Re:Coincidentally...

[Nimey (114278)]

Is that Dominican-the-country or Dominican-the-Catholic-religious-order?

all about the money

[bjmoneyxxx (1227784)]

Snopes isn't something built for the common good of people, it's their to generate money, and they just happen to choose one of the darker ways to do it. "Do you want to block junk sites?"

Re:all about the money

[by Anonymous Coward]

I just tried to fill out their Contact Us page to ask them about their use of the Zango malware. My form submission threw an error on their server side ASP code. The really scary thing, look at the error message:

Error Type:
Microsoft VBScript runtime (0x800A01A
Object required: 'zango' /cgi-bin/comments/webmail.asp, line 132

We'll see if any spam starts coming in to the (unique) address that I submitted to that form.

What this says to me though is that not only are they including JavaScript for an ad banner network, but their server side code is making references to 'zango' by name, implying a deeper relationship.

I think it's safe to assume for the time being that Snopes probably doesn't have your best interests at heart, and to not use an e-mail address that you care about if you choose to communicate with them.

No urban legend, that's confirmed.

[palegray.net (1195047)]

I get the same result. I thought I had sent my complaint (reference this post [slashdot.org] via their web form, but upon clicking back over to that tab I noticed the same error you got. So, to contact them about Zango's abusive business practices, I have to install Zango's abusive software to interact with their server, or it generates an error? Wow. Somebody's smoking some good stuff at Snopes. WHIOS has the following registry data for snopes.com:

Administrative Contact , Technical Contact :
Mikkelson, David
snopes@best.com
P.O. Box 684
Agoura Hills, CA 91376
US
Phone: (702) 988-4047
Fax: (818) 261-3054

The phone number appears to ring to offices at "best.com", who says their offices are presently closed and offer to take a message. Keying "best.com" into your browser will redirect to Verio [verio.com]. And round and round we go. I think I'll send a fax to the number listed in WHOIS.

It likely wasn't Snopes' decision

[patio11 (857072)]

A quick primer in online advertising, for those of you who block it:

At one end of the chain, we have Content Provider A. At the other end of the chain, we have Service Provider Z. Z wants to place advertising on A's site but, importantly, doesn't know how to do it, doesn't generally know specifically who A is, and needs this to scale to potentially thousands of As. This is where participants B, C, D, E, F, Google, H... etc come in. There are advertising aggregators, affiliate networks, affiliates, affiliates of affiliates, affiliates of affilates of networks of affiliates who subdivide the advertising market into smaller and smaller slices before it finally gets on A's site.

Now, somewhere in the chain, let us inject one person who is less than scrupulous. He doesn't work at Snopes -- this would tarnish a brand for a week's worth of income, not a smart play. He probably has a steady stream of relationships with each of the numerous advertising concerns on the Internet, picking up and moving from one after he has collected a check or three and then had the banstick for TOS violations catch up with him. He is the one working for, most probably, affiliate of an affiliate of an affiliate of Zango.

This is the way most malware makes its way onto ad networks and, from there, onto high-trust sites. Volokh Conspiracy, one of my favorite blogs, had a nasty browser hijacker which affected non-US users for months before their advertising network caught wind of it. A few popular MMORPG sites have ended up hosting keyloggers in the same fashion. It is an unintended consequence of a system without central control -- much like the Internet itself, actually. (The system being split up this way does have its advantages, for both endpoints of the chain and for everybody between. Google's business model is based on snapping the chain and replacing it with a big cloud labeled Gooooooogle, but they're not yet the only game in town.)

Obnoxious Advertising

[driftingwalrus (203255)]

Snopes has long had obnoxious levels of advertising. The site really isn't usable without AdBlock.

Re:

[STrinity (723872)]

A few days ago I posted a joking comment along the lines of, "What, Slashdot has ads? One of these days I need to browse without Adblock," and some jerk flamed me for being a freeloader. Well this is exactly why I go overkill with anti-adware programs.

Misleading Summary

[setirw (854029)]

This summary is somewhat misleading, since the user actually has to click the banner to install the software. Contrary to what the summary implies, Snopes does not perform drive-by downloads on its users. By the logic of this summary, tons of online publishers "push adware," since those "Free Virus Scan" ads are pretty ubiquitous...

Re:

[by Anonymous Coward]

This summary is somewhat misleading, since the user actually has to click the banner to install the software.

I know, and I had a hell of a time trying to get it to work under Wine! they really should fix that

I don't see any claim for driveby install

[Tran (721196)]

But he does say that since people trust Snopes that the software appears to be enorsed by Snopes. Which would lead people to go ahead and install it.

Re:I don't see any claim for driveby install

[yotto (590067)]

[i]Snopes readers... Who are generally somewhat cautious, skeptical or suspicious sorts, if only because they're most likely there to debunk some urban legend that's been going around... Are going to blindly install a shady virus scanner from a pop-up window ad.[/i]

Um, I don't send people to Snopes because they were cautious, skeptical, or suspicious. I send them to Snopes because they forwarded me an email about how a little girl in Indiana went missing and if you just forward it to your friends some company will donate $1 to the save the little girl fund or some garbage like that.

These are EXACTLY the type of people who will click on the flashy icon that says "Click here"

Re:

[LrdDimwit (1133419)]

They most definitely are not. They put up "The Repository Of Lost Legends", or "TROLL" for short, where they posted a bunch of bogus claims and said it was true. They wanted to drive home the point that you shouldn't replace blindly believing what $LUSER says, with blindly believing what's on snopes. Well, they didn't do a very good job; they had to add a disclaimer after they started getting their own bogus posts as real. People had been spreading them.

Yes, I was younger (a lot younger) then, but that

Who does what how?

[mcmonkey (96054)]

A little on topic/a little bit just an excuse to blather about something in my mind since the Cloverfield [slashdot.org] story:

Folks in the ad game are in trouble. And I mean the folks using ads to sell another product and the folks selling the ads.

Apparently there was some sort of 'buzz' about Cloverfield for the past few months. I missed it. That may not be interesting, except I watch 2 to 3 hours of TV a day, spend more time than that on the web, subscribe to several popular (non-technical) magazines, and read a daily newspaper. I don't claim to have my finger on the pulse of pop culture, but I'm not quite ammish.

I vaguely remember a teaser-trailer (perhaps before Transformers?), but other than usual pre-release media push in the last few weeks, I know nothing of this buzz. If that's the state of advertising, then those folks are in trouble.

How does this tie in to the current topic? Well...Snopes has ads? I would guess it would since there's no subscription fee and would make a very strange charitable effort otherwise. But if Snopes has ads, I can't say I recall ever actually seeing one.

Seriously, for TV I have TiVo. For the web, there's ad buster and other tricks. For magazines, those ads are usually full page and very easy to recognize and skip without reading. For radio, there's NPR. Pretty much the only traditional advertising that gets my attention are bra ads in the daily paper. And those aren't even selling anything I might buy! (Unless the models are for sale.)

"there practically every time" - not for me

[Animaether (411575)]

"These two popups are there practically every time you visit Snopes (see for yourself)."

Well, I did. And I didn't get any popups. I'm on refresh #30 or so.

No, I don't run adblock.
No, firefox isn't telling me it blocked a popup either.

I also tried with IE6. Still nothing.

Is the author quite sure they're not just targeting -him-? Be it my some manner of IP -> location lookup, or via an old cookie he's got laying around, or whatever?
Either that, or Snopes already changed things. Woo conspiracy theorists rejoice.

Re:

[greg1104 (461138)]

I get some sort of pop-up (which Firefox initally blocked) within a few refreshes of every time I clear the cookies on the browser. All the ones I've been getting are for Netflix and similarly decent companies, haven't seen the adware one yet.

Re:"there practically every time" - not for me

[Spy Hunter (317220)]

Snopes, like most other sites using popups, sets a cookie the first time you visit, so you only get the popup once per some amount of time (however long until the cookie expires). Also, these days sites get around popup blockers these days by raising the popups on a mouse click event, instead of when you first visit the page. Try clicking on an empty area of the page to generate the popup (after you have cleared your cookies).

I can confirm that they do use popups as I got one from them just yesterday. Actually what I got was a pop-under, masquerading as a Windows dialog box, which is even worse. Snopes' advertising has become quite obnoxious, but their content is still good so I grudgingly put up with it. Incidentally, if you hate popunders as much as I do, please vote for https://bugzilla.mozilla.org/show_bug.cgi?id=369306 [mozilla.org] to kill them forever. (Don't add comments to the bug though, that's bad bugzilla etiquette)

So Block Fastclick

[nachoboy (107025)]

If you don't like the ads a particular ad-server gives you, make sure they're unwelcome on your network, regardless of the site hosting the ads. I make sure fastclick.net (and about 150 other unsavory domains) resolve only to 0.0.0.0 at my DNS server. If you don't run your own DNS, OpenDNS [opendns.com] allows you to block specific domains as well.

The downside of adblockplus.

[ChangeOnInstall (589099)]

I've been running adblockplus for quite a while now and have effectively forgotten about issues like this. So have most others who would get upset by it. Of course then I'll unknowingly send friends/family to sites such as snopes without a second thought about malware concerns. To me it looked like a nice wholesome/clean site.

Re:The downside of adblockplus.

[rjstanford (69735)]

I once emailed a funny video clip on a website to my wife - it had a mildly risque title, but wasn't NSFW at all, so I even mentioned that in the email. Little did I know that the clip was literally bracketed with loud, auto-playing flash-based porn ads (seriously). She was, to put it mildly, unthrilled.

And no, I don't know the URL any more.

They also disable text selection

[ThatsNotFunny (775189)]

Talk about a user-unfriendly feature! They use some very annoying javascript to disable the ability to select a portion of text. No idea why...

Blocking Zango at the network level?

[macdaddy (38372)]

I'm sure I'm not the only one that would like to block Zango at the network level. Does anyone have the repository of information needed to create an effective block? I'm talking about RIR assignments, ASNs, SWIPed allocations, domain names, etc. Does anyone know of such a source? With this information I can ensure that none of my users ever have to put up with this Zango horse shit again.

I'm pretty sure this isn't true.

[foxtrot (14140)]

Snopes claims it's an urban legend.

Rot From The Top

[hyades1 (1149581)]

Given the earlier statement that a Wikipedia entry had been altered to hide the Snopes/Malware connection, it seems to me that it's unlikely the people running the site are unaware of the predatory advertising practice occurring under their aegis.

Re:Oneword

[CSMatt (1175471)]

Which is probably responsible for no one knowing about the adware for so long.

Re:Adblock Plus

[mclaincausey (777353)]

I recommend using Adblock Plus [mozilla.org] and NoScript [noscript.net]. You can also add a modified hosts file [everythingisnt.com], though I find between ABP and NoScript, I no longer use the latter.

NoScript requires you to explicitly enable sites to run scripts, either per session or permanently. This turns people off, but security is never easy and it's just two clicks.

Re:

[Kelson (129150)]

Who needs adblock? I just run a stock Firefox, and visit Snopes regularly. Every once in a while a pop-up appears and is instantly squashed. I can't remember the last time I saw one stay up long enough to read what it was advertising.

Re:Oneword

[STrinity (723872)]

Use them. It's just four clicks and a Restart. Install Now. Install Now. Install Now. Install Now. Restart.

I just did, but I'm still seeing your message, so obviously it doesn't work.

Re:Holy ...

[jjohnson (62583)]

Snopes isn't obscure--they're probably the most authoritative debunker of urban legends on the web. On the linked blog post, you can see several comments saying "I used to refer people to Snopes all the time when I got some glurge email."

Re:

[palegray.net (1195047)]

The news part is the fact that it's actively being discussed on a site like Slashdot. Here's the note I just sent Snopes via their web contact form [snopes.com]:

As you are probably already aware, Slashdot is running a story (http://it.slashdot.org/article.pl?sid=08/01/29/0047236 [slashdot.org]) about malware being served up from advertisements hosted on your site. This malware appears to be in the form of misleading popup ads for Zango (http://en.wikipedia.org/wiki/Zango [wikipedia.org] | http://www.zango.com [zango.com]), which is a company with a long-standing track record of deceptive business practices (reference FTC settlement here: http://www.ftc.gov/opa/2006/11/zango.shtm [ftc.gov] [which they have mostly failed to learn from]). These ads are being served by the Fastclick ad network, which is operated by ValueClick Media (http://www.valueclickmedia.com/ [valueclickmedia.com]). I strongly object to any site profiting from these sort of irresponsible ads, and would like to see prompt action on the part of Snopes to remedy this situation. Thank you for your attention to this matter.

Re:

[badasscat (563442)]

The news part is the fact that it's actively being discussed on a site like Slashdot.

Help me understand this.

It's news on Slashdot... because it's news on Slashdot?

That's a pretty meta way of determining newsworthiness...

So it also follows that if it was not news on Slashdot, then it wouldn't make it onto Slashdot?

Re:News?

[Architect_sasyr (938685)]

Well that explains the dupes...

Re:

[Corporate Troll (537873)]

Nah, but consider it this way: Microsoft wants us to waste our time on slashdot. Imagine if only half of the people here started to help with open source ;-)