Slashdot Log In
Adware Spreads Through Myspace
Posted by
timothy
on Mon Jul 10, 2006 08:57 PM
from the so-doesn't-that-make-it-really-ourspace? dept.
from the so-doesn't-that-make-it-really-ourspace? dept.
Sandbagger writes "Here's an interesting problem for MySpace — groups of websites that entice MySpace users into placing videos onto their profile pages (under the guise of 'free content'), without disclosing a key piece of information that might make them think twice. When someone visits one of these profiles carrying the video, a DRM acquisition box pops up and attempts to install Zango adware. In all likelihood, the profile owners don't even know these videos are doing this to their visitors. The end result is an Adware affiliate effectively removing himself from the distribution chain and letting kids promote these videos instead, in a strange example of viral marketing gone wrong."
Related Stories
[+]
Zango Caught in Lies About MySpace? 81 comments
An anonymous reader writes to mention that Zango's still under suspicion for problems on MySpace. ZDNet has the story, discussing rumours of multiple accounts, paid Zango hawkers, and mass emailings. From the article: "Boyd posted some choice snippets from the email, like this: 'Zango is fairly new with myspace sites and it took me some time to see what works and what doesn't ... more profitably, *go to a bunch of your friends* who have popular profiles and pay them (it's up to you so much. One of my partners said 5$..maybe offer to split the money with them?) to put a zango video into their profile through your site. This will give you hundreds of extra installs a day (this probably works even better than having them on your actual site).'"
[+]
Social Networks Attract Malware Authors 76 comments
Looks like the Zanga attack on MySpace last summer was a bellwether. Tiny Tuba writes, "Parents and social network users have one more thing to worry about. According to a
PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more." From the article: "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."
[+]
Zango Under Fire From Adult Webmasters 93 comments
An anonymous reader writes, "Over the past few days, adult webmasters have been accusing adware maker Zango of 'stealing sales' by means of the following method: Computer users with Zango's adware on board will pop open a window containing the affiliate merchant's site they happen to be on at the time, except with Zango's own affiliate code in the window. By doing this, Zango claims credit for the sale and the original, rule-following merchant, the one who referred the user there, loses out. Despite this practice having been around since at least 2004, it seems the adult webmasters are only just realizing this takes place — surprising, considering how deeply connected the worlds of adware and porn are. It seems pornographers pushing adware is acceptable only as long as they aren't the ones getting burnt. Part of me doesn't care, and part of me hopes they carry the financial clout to force Zango to change their current practices."
[+]
FTC Fines Zango $3 Million 77 comments
An anonymous reader writes "Wired is reporting that government regulators have fined rogue adware distributor Zango (formerly 180Solutions) $3 million. This is 'following charges that the company deceived internet users into installing its pop-up software and tried to prevent them from uninstalling it.' ZDNet mentions that 'Zango's executives pointed a finger elsewhere, claiming that the federal violations were due to third-party distributors rather than the software manufacturer itself.' Security researchers are still happily finding examples of Zango software being popped open in rogue distributions such as IM worms. Ben Edelman is claiming to have more evidence of their dubious business practices, casting into question their claims of newfound affiliate responsibility."
[+]
Your Rights Online: Spyware Maker Sues Anti-Spyware Maker 158 comments
prostoalex writes "An 'online media company' Zango, which gained notoriety for redirecting adult affiliate traffic and the first ever MySpace worm, is now suing the anti-spyware vendor PC Tools, maker of an application called 'Spyware Doctor', for removing Zango applications off the consumers' PCs. 'According to a posting on a blog called Spamnotes.com, Zango is seeking at least $35 million in damages, alleging that Spyware Doctor removes Zango's software without warning users that it will be deleted. The lawsuit was filed Tuesday in King County Superior Court in Seattle, according to Spamnotes.com. Formerly known as 180solutions, Zango is trying to clean up its tarnished reputation. In November it paid $3 million to settle U.S. Federal Trade Commission charges that its software was being installed deceptively on PCs.'"
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Is that a rhetorical question? (Score:5, Funny)
(http://www.nightlifemagazine.ca/ | Last Journal: Thursday March 24 2005, @12:46PM)
Re:Is that a rhetorical question? (Score:5, Funny)
(http://students.washington.edu/neba)
Re:Is that a rhetorical question? (Score:5, Informative)
All good marketing is viral (Score:5, Interesting)
(http://dotfuturemanifesto.blogspot.com/)
The same problem appeared on blogger a year back. I don't know if they ever got the problem under control (I learned to stop using the next blog button), but it was a real pain.
There are two problems here, first MySpace should get a clue and eradicate the infestations. Second IE should have taken steps against forced downloads back in 1998 when it was only realplayer and flash that kept asking if they could install fifty times a day. At least that was only a consequence of the pages having the active content rather than a deliberate attack to put the malware on the machine.
The reason I use Windows is precisely because you don't notice this sort of stuff if you spend your time using Firefox. I want to know the next attack while it is going on.
As an absolute rule it should never be possible for active content running in a user application to crap on the operating system internals. It should never be possible for any program to install itself in a way that is intended to prevent removal.
Windows is trying to introduce this separation but running a Windows box without access to administrator or super user privs is pretty miserable. And to an attacker super user is administrator in any case.
Re:Is that a rhetorical question? (Score:4, Funny)
Marketing is like rape to sex.
Or:
Marketing is always wrong.
Has a nice ring to it, that last one.
Re:Is that a rhetorical question? (Score:5, Funny)
(Last Journal: Thursday May 24, @01:08AM)
Here we can see a fine example of the tragedy of the commons.
On that note... (Score:5, Insightful)
(http://192.168.2.1/)
On Adware and Myspace: it was a pandemic waiting to happen. One of those nasty traits of a large populus, is that when something becomes sufficiently commonplace and comfortable, it becomes an easy target. It's my understanding that myspace is riddled with holes, bugs, etc. That being said, it's only a matter of time until those are found, and exploited.
Though I understand it doesn't end with Myspace, as the attack used is not explicitly limited to that social networking service; it simply is the vehicle for the delivery, and a prime candidate with a vulnerable userbase.
Unrelatedly, I heard a random statistic that said that some asinine percentage of the net's streaming video traffic was due to Myspace. I brushed it off, as, well, that's a sortof silly thing to take to heart, but I wonder if there's any truth to it.
Re:On that note... (Score:4, Insightful)
(http://www.buran.org/)
And you could have walked up to any of them and said "Excuse me, I have a paper to write and I need this computer." And if they refused to give it to you, had them removed by lab staff. University computers are for academics first, and anyone who needs them for that purpose can boot off anyone who is just goofing off.
A real reason to block the site (Score:5, Interesting)
Technical details? (Score:5, Interesting)
Re:Technical details? (Score:5, Informative)
(http://www.berylliumsphere.com/security_mentor | Last Journal: Wednesday January 31 2007, @09:13PM)
http://www.pandasoftware.com/about/press/viewNews
As opposed to... (Score:5, Funny)
(http://slashdot.org/)
Strange because things referred to as "viral" so rarely go wrong.
Think twice? (Score:5, Funny)
(http://www.toleressea.net/)
With all the clutter on there already... (Score:5, Funny)
remember kids (Score:1, Funny)
What's so particularly wrong? (Score:5, Insightful)
(http://cafepress.com/phototravel?pid=5934485)
I'd hate this practice too, if it affected me, but why is it any more wrong, than any other children-targeted marketing (like advertising action-figures in between cartoons)?
America really is growing daft (Score:4, Interesting)
(http://www.codemonkeyramblings.com/)
People look at me like I'm a Nazi because I seriously don't think most Americans should be enfranchised. Let's face an ugly truth. Our founding fathers were right: most people are unfit to vote. This is a perfect example why. Parents and teens that by now can't handle their own security online are generally irresponsible people, and irresponsible people make terrible voters. Problem is that for every voter who has his or her shit together, watches their kids and is a good, solid citizen, there are 5 morons who will vote like sheep. That dilutes the power of the responsible people to guide society.
I'm personally sick of the MySpace crap. I don't know how we'd find a good criteria for mass-disenfranchising bad parents and most college-age people, but we need to find one. Society is going to hell because we let people who cannot take responsibility for themselves vote in people who won't take responsibility for themselves... and that's bad. These are the people with their fingers on the most powerful nuclear arsenal on Earth.
Learning how spyware gets you is part of using the Internet. It's like living in a big city and actively avoiding finding out where the bad sections of town are.
Re:America really is growing daft (Score:5, Insightful)
(http://lawpoop.blogspot.com/ | Last Journal: Friday May 28 2004, @06:51PM)
The reason people look at you like you're a Nazi is because once you start with "these people aren't fit to vote, I know what's best for them", then you start feeling entitled to make other decisions for them, such as what kinds of jobs they can hold, where they can live, and whether they are allowed to reproduce. The 'slippery slope' card is one that's too often use where it's not warranted, but this is a place where it's obviously warranted, by historical precedent.
Let me say this as clearly as I can: if you think you know better than me as to what's right in my life, fuck you. You have no place making decisions for me, or anyone else. Society really goes to hell, as in labor camps and mass exterminations, when we let right-wing ideologies like yours come into power. We've fought long and hard to get where we are today, and it makes me sick to hear you say that just because you don't like myspace. It's a friggin' website, for crying out loud!
Futhermore, the founding fathers didn't say that most people are unfit to vote. They specfically left out particular groups based on race, ethnicity and gender -- women, blacks, Indians, etc. They did not say that most people are unfit to vote. I would bet that you know, or at least know of, women and blacks that are certainly fit to vote by your standards, just as there are women and blacks that are unfit to vote by your standards. The problem comes when someone starts thinking their standards are the ones we should use to disenfranchise voters.
Re:America really is growing daft (Score:5, Funny)
(Last Journal: Sunday November 27 2005, @02:29PM)
It could also be the the little toothbrush mustache and the swastika armband.
Re:America really is growing daft (Score:5, Insightful)
(http://www.firehed.net/)
The good news is that, to some degree, the problem is self-correcting. Those "unfit" to vote are the type that keep well away from the ballot boxes, since they're all too busy picking the next American Idol. In fact up to quite recently (quite possibly the GP post), I was trying to figure out why we didn't implement some sort of internet- or phone-based voting system. Then it hit me - the people who are too fucking lazy to either go down to the voting booths or get an absentee ballot if they can't make it are the exact type of people who will, without any question, vote like sheep. You can bet your ass that shows like American Idol, Big Brother and other call-in-/text-in-/log-in-to-vote shows wouldn't have made it to the second episode if their voters had to head to the town hall or other voting emporium to vote.
The counterpoint to that being that while you tend to keep the dumb sheep away from the ballots, those who have some hardcore feelings about a hot-topic issue DO flock to the polls to get something passed/rejected or someone voted in. Naturally, if you can't be bothered to vote then you've got no excuse when you're not happy with the outcome, but you'll still end up with some vastly unpopular things passed when people don't feel strongly enough to get out there.
The biggest problem is really that voting is just a popularity contest. In the last ten years or so, I've seen one candidate - ONE - who's campaign was "here's my stance on these issues, vote accordingly". Everything else has been "I'm great for pointless reasons x, y, and z" or "the other guy sucks for irrelavent reasons u, v, and w." How completely worthless. It would be one thing if you didn't agree with any of the candidates up for election, but it's something else when you're forced to go in blind because their multimillion dollar campaigning told you absolutely nothing.
a href's (Score:2)
basically, anchor refer tags do not always point to what they are supposed to. myspace is bringing back to the forefront lots of little details/problems from the late nineties from 'user' made websites, mostly geocities. it is reminiscent of when someone would like to embed an image fron your domain onto thier page and you would change it to a goatse picture.. and thier page would be showing what you controlled (and then they would bitch, but thats besides the point).
when you embed (and link: remember that 'i am viewing gay porn IE killer javascript awhile back?!) content from other providers, you should trust them not to change it (and let them know you are doing it!).
Holy smokes (Score:3, Informative)
Problem solved.
Re:Holy smokes (Score:5, Funny)
(http://www.mangaschool.com/ | Last Journal: Tuesday January 03 2006, @07:51AM)
Myspace (Score:2, Interesting)
TreasureTrooper (Score:2)
(Last Journal: Monday February 20 2006, @09:53AM)
Let me put in a shout for TreasureTrooper - no adware, but mobs of dorks are spamming YouTube video comment streams on their behalf
adware scanner (Score:2)
MySpace is a lost cause (Score:5, Interesting)
(http://zaphodforpresident.com/)
Sure enough, dozens of "Web 2.0" MySpace clones appeared, offering better features and the same "fight for the little guy" mentality that MySpace had become famous for. I expected those MySpacers would be off in no time. Being that I'm a tad too old (26) for those "wacky kids", I diverted my attention and awaited the sound bite that "the MySpace phenomena was over".
A year later, I'm still waiting. Meanwhile, the juaggurnaut that is MySpace continues to grow like WalMart on crack, and other News Corp properties (FX, Fox, Fox News) have jumped on the bandwagon. Call me naive, but I expected the "corporate parent" to stay well hidden from MySpace for fear of losing their main demo (Q: what are you rebelling against? A: what do you got?). Instead the opposite has happened: MySpace and fox passed the "sell out" threshold months ago, and millions more have poured onto MySpace as a result (I find myself meeting people well into their 30's and 40's with freaking MySpace accounts these days!).
So, the simple answer here in regards to the recent scam-ware MySpace epidemic is: duh. My opinion of those "60 million" antidisetablishmentarianist (take THAT grammar nazis) hit rock bottom awhile ago.
So why do I get so fired up about a website I never used in the first place? Because I give people too much credit, that's why. I was first exposed to MySpace by searching technorati and ending up in "the blogs". Believe it or not, not ALL MySpacers are completely illiterate retards. A few made excellent points regarding DRM, media and political collusions, and the evils of Fox News. But when all of this "dissent" can be bought up by "the enemy" in 5 minutes, and NO ONE EVEN CARES, it simply blows my mind.
But then I admit to myself that I still use Google, and therefore, am an ugly stinking hypocrite according to my own psuedo-morality.
In the immortal words of Homer Simpson: D'oh.
hmmm... (Score:3, Funny)
(http://www.usflowerhaus.com/)
So glad... (Score:1)
(http://ubuntumusic.blogspot.com/)
Terrible Article, Dead wrong (Score:2, Interesting)
The person (author of the article?) got a video link to a video from Zango which was DRM'd. The DRM is what makes your Windows Media Player popup that window. The file's DRM tells the Windows Media Player what URL to pull up. Anyways, all this person did was post a DRM'd video.
What a stupid article. It's all FUD to me.
I don't get it? (Score:1, Insightful)
(http://www.jasongreb.com/)
Gone Wrong, Indeed (Score:3, Insightful)
(http://ewhac.best.vwh.net/ | Last Journal: Saturday August 18 2001, @10:28PM)
Schwab
the world is just (Score:2)
wmplayer alternatives? (Score:3, Informative)
WMP's DRM is FUBAR (Score:1)
Zango at TechCrunch (Score:2)
(http://www.simpy.com/ | Last Journal: Tuesday April 15 2003, @12:58PM)
http://www.techcrunch.com/2006/07/10/zango-brings
MySpace are no strangers to the Spyware business (Score:3, Interesting)
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
It sure sounds alot like it's describing much of what myspace is, and myspace is a "deleware company" in the US and subject to US laws.
As for their kind fondness of spyware, see the citations below for more info.
Birds of a feather they say.
http://www.intermixedup.com/ [intermixedup.com]
"Intermix Management and other Insiders sold approximately $25 million of Intermix stock in full knowledge that the New York State Attorney General (NY-AG), Eliot Spitzer, would soon file a lawsuit against the company for
certain adware promotion activity. Management and Insiders sold vast quantities of stock before disclosing this critical information appropriately to the rest of the marketplace. "
http://en.wikinews.org/wiki/Bloggers_investigate_
"Actually, MySpace had simply shut down and become ResponseBase-- as evidenced by the "Freebies" newsletter above. ResponseBase also used a list of 8 million e-mail addresses purchased from Xdrive for their newsletters. In 2002, ResponseBase was booted from their ISP as an illicit spam organization-- with Tom Anderson himself listed as their billing contact. And later still, ResponseBase would be renamed to MySpace."
"Intermix Media itself has a tangled history. In 2004, Intermix (then operating as eUniverse) was named as a spammer organization on USENET. It purchased ResponseBase, shut down its operations, and reformed it as MySpace. On April 28, 2005, Intermix was sued by the State of New York for installing malicious spyware over the Internet. According to their press release:"
What bozo at Microsoft put this into their player? (Score:2)
(http://www.animats.com)
It's not Myspace. It's Microsoft. Why, for whatever reason, should Windows Media Player download and start an executable file from an unknown party?
Here's what Microsoft put in Media Player 10. See Windows Media Digital Rights Management (security) [microsoft.com]. (Not your security; the content owner's security.) To play a packaged digital media file, the consumer must first acquire a license key to unlock the file. The process of acquiring a license begins automatically when the consumer attempts to acquire the packaged digital media file, acquires a pre-delivered license, or plays the file for the first time. Windows Media Rights Manager either sends the consumer to a registration page where information is requested or payment is required, or "silently" retrieves a license from a clearing house.
That mechanism requires a Microsoft-approved license server, and apparently these attackers don't have one. So they use a related feature, which allows content to run a client-side script. This does show the user a popup; its not totally silent. But if the popup is answered, the script can download and install anything.
As soon as some attacker gets their hands on a Microsoft-approved license server, they can craft much better attacks. You don't even have to break into anything; there's a published SDK. Yes, there's code-signing and you have to sign an agreement. But if you can get past that, you 0wn anything that downloads your content. Even mobile devices.
Can you lock down a windows XP box? (Score:2)
That being said, are there ways without special software to lock down a windows xp machine so your kid or niece or whoever couldn't inflict this kind of damage on it?
I'm really just curious, this isn't a pressing issue for me.
Natural Selection (Score:1)
Let me clear up this misconception (Score:2)
(http://www.neutronstar.org/)
Viral marketing will never "go right" for anyone except the ass-sucking, bottom-feeding marketers who come up with it. Happy to help.
MySpace should kill video embedding anyway (Score:1)
You visit someone's page that has 4-6+ videos on it set to autorun, plus several people in their friends lists use videos as sigs, for another 8-10+ more videos.
The browser pretty much locks up (unless you're on a T1 line), and you exit the page without having seen much of the page at all, or (very likely) any of the videos.
-----------------
Of course, there is that little problem with crappy page design, but as it is, many of the pages you can't even see. First things first.
~
Cross Posting on Myspace.. (Score:3, Interesting)
(http://www.plocp.com/)
Anytime you cross post to content on another server you run the risk of a "switch" at anytime.
Change the script (Score:1)
Obligatory (Score:1)
(http://www.egyptiancampaign.com/)
what domains are spreading it? (Score:1)
(http://www.geocities.com/ahoier)
[OT] Please block spam ip 202.138.168.92 thx :) (Score:2)
(http://www.slashdot.org/ | Last Journal: Tuesday March 09 2004, @11:15PM)
Spam IP: 202.138.168.92
Netmask: [zoneedit.com] 202.138.160.0/20
Owner: digitelone.com (APNIC/Phillipines) - On file with rfc-ignorant.org [rfc-ignorant.org] so it is useless to contact them.
Proof below: (angle brackets deleted, victim email addresses sanitized except mine)Incoherent email 'ping' from a clueless spammer. If this message had meaningful content in it, it would have been cause to celebrate -- my first real email at iamcf13@hotpop.com since I started using my homebrew email client. [rapidshare.de] Oh well, still waiting....
Is there a 'global' online clearinghouse where I can email/webpost information such as this so it can 'trickle down' to all the online blacklists?
If you know of one or more, please reply to this post, thanks.
P.S. Slashdot CAPTCHA: killings
Isn't that what we all try to do to unwanted email anyway?
Re:just another reason... (Score:3, Interesting)
That's funny... (Score:1)
(http://ninenine.com/)
your overconfidence is your weakness (Score:3, Informative)
Remember, paranoia is a survival trait, no matter what your OS.<