Adware Vendor Tries To Dance Around Sneaky MySpace Installs

from the blame-anyone-else dept

Earlier this week, we noted that adware/spyware vendor Zango (formed out of the merger of two widely disliked adware firms) apparently had someone trying to convince MySpace users to add videos to their site that also just so happened to install some of their adware. It did give users a popup, but as the original security researcher noted, it wasn’t clear that the popup was from Zango rather than MySpace — and many users would just click it to see the video, not realizing they would be installing adware in the process. In fact, it seemed particularly egregious to push these videos on MySpace users, urging them to include the videos on their own profiles as a sort of free distribution force. At first, it seemed likely that this was yet another rogue affiliate that the company had promised were a thing of the past. Instead, it turns out that it was the company’s own employee doing this — in violation of MySpace’s terms of service. The company admitted it was a mistake on an individual developer’s part (blame the employee!) and then proceeded to basically attack the researcher who brought this mistake to their attention.

The researcher, Chris Boyd, hits back today with a detailed response pointing out the inconsistencies and ridiculous statements from Zango. First of all, it’s amazing that they would make him out to be part of the problem, when all he did was point out to them what their own employee had done. Second, their claim about how the little popup they shove at people is perfectly clear is doubly amusing when you realize that they didn’t even bother to read MySpace’s own terms of service in setting these pages up. If they don’t read the legal language when they see them, why do they expect everyone to read theirs? Furthermore, the company later admits that if it hadn’t been an employee, but other users who went out and pushed these videos-with-adware through MySpace, they’d be perfectly fine with it. Given the company’s long history with surreptitious installs and blaming security researchers every time they highlight yet another problem with the company’s practices, is it really any surprise that this is happening?


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Adware Vendor Tries To Dance Around Sneaky MySpace Installs”

Subscribe: RSS Leave a comment
34 Comments
Nofreakingway says:

Re: Format???

I can’t believe someone actually formatted thier PC because of this. I’m sorry, but if you don’t know how to remove adware without simply reformatting, maybe it’s time to leave the computer alone until you have a clue as to what you’re doing with it.

Besides, YOU are half of the problem, seeing as you actually clicked on the damn popup in the first place. Yet another reason to license people to get online….

Whateva says:

Re: lol.

Anyone should know that if a Popup comes up, to close it instantly. If you are too stupid to know this, gtfo the Internet.

Sean, do you honestly believe that ANYONE who uses the internet and clicks on a popup is stupid and is somehow unworthy of using it? Do you have kids Sean? Older relatives or friends? It happens. Insulting the victem is not the way to go. Adware and Spyware are prevalant because they use highly deceptive techniques. But go ahead believing that anyone not as smart as you needs to “GTFO the internet”. You’re the kind of guy that would condone date-rape. “She should’ve known better.”

kjpweb says:

What do you expect?

Well – as long no one really intervenes – sure they are going to place their crap wherever they find a place that they can get their hands on.

Take them to cleaners each and every time or even better – outlaw Spyware/Adware and place them in the same category as Viruses.

Make installing of software on users computers without clear consent a fellony. Elevate it to the status of breaking and entering – what it essentially is.

If there is no money to be made without the risk of incarceration – they will simply dry out and fade away.

And what MySpace is concerned – if they were fortifying again known threats, TOS violations – things like that could be easily detected. It is quite funny – that a 3rd party has to make them aware…

kjpweb says:

An afterthought

Addendum to “What do you expect?”

And why not take the manufacturer of products and those who offer the services pushed by Spy/Adware and have them take the heat, too. If you advertise and pay money for it – you KNOW EXACTLY – what you are paying for.

So they share the responsibility and should share the consequences – the harder – the better.

John says:

what doesn't kill you??

I suppose that these instances where spy/mal/ad ware infects our personal confusers without our permission or interaction, will toughen us and make us aware that “teh interweb” isn’t a safe place. IMHO there should be legislation passed to punish these kinds of invasions. What would you do if someone installed an advertising banner on your car or house? BTW – Sean – I agree with whateva – take it easy on the innocent clickers, even I accidentally click on these sometimes (that’s why I don’t run as ADMIN)

firemeg (user link) says:

Shooting itself in the head...

Myspace is shooting itself in the head here. Parents are already pissed about their under-16 year olds using the site, legislators are up in arms about it, Christian groups are having fits…. Now isn’t the time to put this crap on their site, and certainly not a good idea to condone the “accidental” placement of the pop-ups.

Any press is good press might not hold true here. If parents who are a bit educated about the internet find out about this, is will be one more reason to keep their kids off Myspace. I know the thought of having to reformat my computer is another good reason to not allow my teenager on the site.

charlie potatoes (profile) says:

Zanger

I used Bear Share for a long time. It was great.. then a while back it began to act funny…yada yada yada, i reinstalled and lo and behold I had Zanger all over my pc.

Then they had the balls to tell me this was the price I had to pay to keep Bear Share…i reformatted to get them off. fuck, is this a great country or what? ass holes can legally vandalize my property…

surely one day in the future they will manage to gore the ox of some congressman and we will see our legistators in action…I get chills just thinking bout it.

A chicken passeth by says:

Anyone should know that if a Popup comes up, to close it instantly. If you are too stupid to know this, gtfo the Internet.

Well, that’s good advice and all, but there’s some stuff today that CAN circumvent this technique. I suppose you haven’t seen WinFixer, ErrorSafe and their clones yet.

What they do is code their download/page open/install events around the WindowClosing event as well (even going to the extent of catching the ALT-F4 or the End Task – Browser), so you can’t escape _unless you disconnect from the internet_ or you outright disable all java/css/scripts in the first place.

And once you do, you’ll never be able to post in a place like this unless you re-enable them, which places you in danger… again.

Chris G says:

Re: The Answer.

Firefox alone will not stop pop-ups. Nor will any browser itself.

Your best option is to use a browser with a pop-up blocking feature and on top of that, use a extension/plugin such as NoScript, allowing only those scripts to run that you approve.

No amount of protection; pop-up blockers, spyware/adware/virus removal and protection programs or firewalls will provide adequate protection. That is fact and always will be. If anyone says using any one or more peices of software will be all the protection you need I suggest you tell them they are better fit for working at their local McDonalds.

Common sense is always your #1 form of protection. With that, you can protect yourself without any software or additional hardware forever. (We have not hit the point that users are that smart though). It’s sad that most people with any level of IT knowledge are also too stupid to know how to protect themselves and on top of that claim they know everything or have the ultimate solution over every one elses.

A chicken passeth by says:

Where do u find such pop-ups as these? Only place i could guess is all those porn sites ppl enjoy looking at…. I havent run into any of these horrible pop-ups for a long time…

I, too, thought that these idiots would stay at the questionable sites. But I found out I was wrong 2 days ago.

Google ErrorSafe and see which forums are complaining. Apparently an advertiser sneaked this POS into one of their Ads in the rotation. When that ad displayed: BOOM, popup heaven and a hell lot of angry ImageShack, LiveJournal and WoW Forum users.

Sure, the ad has been removed, but for some users the damage is already done.

I caught ErrorSafe last week and had a hell of a time removing it. Guess where I found it? Imageshack. Of all places. Unless a site isn’t ad-supported, you WILL be in danger even if the site IS legit.

Tread carefully!

A chicken passeth by says:

but if you don’t know how to remove adware without simply reformatting, maybe it’s time to leave the computer alone until you have a clue as to what you’re doing with it.

I think that’s an unfair accusation, especially after having to deal with an Apropos infection that F***’d up a Norton Antivirus install so bad that it will never run properly ever again (BSODs with IRQL_NOT_LESS_THAN on system start unless running in safe mode), even with all the spyware code gone, even after a reinstall, even after a wipe with SymNRT.

I stopped short of reinstalling only because the boss didn’t want to go through the trouble of reinstalling everything on his family laptop. I gave him AVG in the end, but the point is some issues simply require reinstalling no matter how you look at it.

I do agree with you about the license to surf thing, tho… the Boss’s son just gave me 2 straight days of unpaid overtime.

Sanguine Dream says:

Why...

aren’t ad/mal/spyware illegal? Let’s I come to your house right after you move in and introduce myself as a neighboor but when you let me I spray paint graffitti all over the inside of your house. Not only will you beat the daylights out of me but you can have me arrested too.

Just like ad/mal/spyware I acted under false pretense to trick you into letting me do what I want. So why is it that one will get me arreseted while the other won’t? Your home and your PC are both actual physical property so there’s not argument there. The government is trying regulate the internet (like tyring to ban online gambling and social websites at school) but none of the politicians say anything about ad/spy/malware.

A chicken passeth by says:

@Sanguine:

I actually asked the same question about SPAM all those years ago. Then I realised one thing.

I noted that industries used another name for SPAM. It’s called mass-mailing. According to the industry, it’s completely different from SPAM and as such is “not illegal” unlike spam. It was only much later that mass-mailing was seen as SPAM, and companies started moving away from it.

If you look at the whole spyware thing, you’ll notice that spyware quacks and waddles a lot like viruses. Here’s the truth: spyware uses virus technology to spread; in effect spyware IS a type of computer virus. It’s the industry trying to come up with a separate term to confuse people and cover their tracks.

They aren’t completely successful in severing the virus link, tho. Up to now they still haven’t decided whether a trojan is a virus (as it once was) or spyware (as some of them are now classified as).

Don’t be fooled, they’re all viruses. The ones who programmed them are just using legal loopholes, and they are continuing to use legal loopholes now… look at the way corporations are clamouring for the erosion of user privacy and locking down of their viral source code.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...