YooTube Videos Pack Zango Adware Punch

Just days after announcing a $3 million settlement with the FTC over deceptive adware installation practices, Zango is again facing scrutiny from security researchers.

Just days after announcing a $3 million settlement with the Federal Trade Commission, adware firm Zango is again facing scrutiny for shady installation practices.

The Bellevue, Wash., company, born out of a merger between Hotbar and the heavily criticized 180 Solutions, is being linked to fake adult-themed YouTube videos floating around the MySpace social network.

According to an alert from Websense Security Labs, the videos come with an embedded installer that installs the ZangoCash ToolBar as part of a DRM (digital rights management) licensing agreement.

MySpace users clicking on the videos, which closely resemble videos from the popular YouTube player, are directed to content at "yootube.info," a Web site hosted in the Netherlands. The registration information on the domain appears to be fraudulent, Websense said.

San Diego-based Websense flagged the site as "malicious" and warned that the "click here for the full video" button redirects users to a Windows Media Player video that requires the user to agree to an end-user licensing agreement in order to watch the video.

"Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash," the Websense advisory says.

eWEEK was able to reproduce the Websense findings during independent tests.

According to information on Zango's Web site, the company pays up to $0.45 per installation of the software, which offers free games, videos and other forms of content in exchange for pop-up advertising delivered to consumers.


This is not the first time Zango has been linked to shady installation practices at the MySpace portal. Earlier in 2006, Christopher Boyd, a researcher at FaceTime Communications' FaceTime Security Labs, based in Foster City, Calif., discovered Zango installers embedded in videos that autoplayed on MySpace profile pages.

At the time, the company acknowledged that its own developers had planted the videos on MySpace to test possible opportunities, but stressed that it was against internal policies to target MySpace. The profiles were later deleted after Boyd exposed the issue on his VitalSecurity.org Web site.

The latest discovery comes just days after the FTC announced that Zango would pay $3 million to settle claims that it used third parties to install adware on consumers' computers, often without adequate disclosure.

The adware programs—Zango Search Assistant, 180Search Assistant, Seekmo and n-CASE—typically monitor computer users' Web use to display targeted pop-up ads. According to the FTC, the adware programs were installed on U.S. consumers' computers more than 70 million times and have displayed more than 6.9 billion pop-up ads.

The FTC alleged that Zango's distributors—third-party affiliates that often contracted with numerous subaffiliates—frequently offered consumers free content and software, such as screensavers, peer-to-peer file sharing software, games and utilities, without disclosing that downloading them would result in installation of the adware. In other instances, Zango's third-party distributors exploited security vulnerabilities in Web browsers to install the adware via drive-by downloads.

The FTC also charged that Zango deliberately made it difficult to identify, locate and remove the adware once it was installed.

The commission said the settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.
