Zango

From Wikipedia, the free encyclopedia

180solutions, Inc. Zango
Type Private
Founded 1999
Headquarters Bellevue, Washington
Key people Keith Smith, Co-founder, Chief Executive Officer
Jamie Miller, Chief Financial Officer, Chief Financial Officer
Ken Smith, Co-founder, Chief Technology Officer
Doug Hanhart, Co-founder, Chief Information Officer
York Baur, Executive Vice President,
Ken McGraw, Executive Vice President, General Counsel and Chief Compliance Officer,
Rip Warendorf, Senior Vice President of Sales
Industry Adware
Advertising
Marketing
Products Adware
Revenue Undisclosed
Employees 225
Website www.zango.com

Zango, formerly 180solutions and Hotbar, produces software that provides to access partners' games and DRM-restricted videos and software. Zango software is listed as "adware" by Symantec.[1] McAfee states, "this program may have legitimate uses", but describes it as a "potentially unwanted program", and an "adware downloader".[2]

Contents

[edit] Content

Zango's consumer website asserts that the company is "committed to creating a content economy built on a foundation of safe and ethical practices by protecting consumer privacy while offering a fulfilling and high-value content experience." Zango content includes sports, comedy, dance, erotic videos, online games, and screensavers.[3] Warner Bros. and others have been known to provide content, although Warner Bros. has terminated[4] its business relationship with Zango after an online outcry.[5]

Undesirable software behaviors

StopBadware.org lists a number of undesirable behaviors associated with Zango Easy Messenger, including "behaves as spyware", "automatically runs on startup", "displays pop-up advertisements", "installs adware", and "bundled software cannot be closed".

The same site states, "We find that Zango Easy Messenger is not badware, although it does engage in behaviors that users should be aware of."[6]

Websense issued a Zango-related security advisory in November 2006. The report stated that "Websense Security Labs has discovered a number of user pages on the MySpace domain which have videos that look like they are from YouTube. The videos have an installer embedded within them for the Zango Cash Toolbar. When users click on the video, they are directed to a copy of the video, which is hosted on sever sites such as Yootube.info, Yuotube.com, Youtuhe.com, and etc. these all will most likely give you spyware."[7]

A more detailed analysis of this attack appears in "Zango Practices Violating Zango's Recent Settlement with the FTC": "Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango's obligations under its November 2006 settlement with the FTC." These include a failure to include an on-screen disclosure of material terms, widespread in-toolbar ads without the labeling and hyperlinks, ads for "bogus Sites that attempt to defraud users" and third party installations without any disclosure whatsoever.

Automated analysis by McAfee SiteAdvisor in May 2008 reports "629 red downloads - In our tests, we found downloads on this site that some people consider adware, spyware or other potentially unwanted programs." [8].

[edit] History

[edit] 1999 to 2001

When founded in 1999, Zango was known as ePIPO. It was one of the first "pay-to-surf" companies, following in the footsteps of AllAdvantage. This business model paid users a minimal amount to surf the Internet while running an application that showed banner ads. Users could also make money by referring others who would use this application.

After enjoying brief success, the pay-to-surf business model declined with the bursting of the Internet bubble in 2001, and 180solutions adjusted their technologies in several ways:

  • To show pop-up ads rather than banner ads.
  • To not have any visible GUI.
  • To be bundled with other potentially valuable applications.

ePIPO changed their name to 180solutions.

[edit] 2002 to 2005

From 2002 through 2005, 180solutions' applications (ncase and 180SA (search assistant)) were distributed via various affiliates. While these affiliates were legally required (by 180solutions contract and other laws) to obtain the permission of the user prior to software installation, many did not, and this resulted in millions of illegal non-consensual installs. Many other affiliates notified users only via the end user license agreement and this resulted in millions more of arguably legal but still essentially non-consensual installs.

180solutions' software showed pop-up ads while a user was surfing the Internet. This software was often, but not always, bundled with other pieces of free of charge software which the user intentionally installed. Since permission to install the 180solutions adware was typically hidden in an EULA, most users were unaware of the fact that they were installing adware. In some cases 180solutions' software was not bundled with any other software, but installed as a standalone install. Using this method, an ActiveX prompt simply asked the user to install the software so that they could receive "comparison shopping advertisements".

180solutions contended that the value of the bundled software or the "comparison shopping advertisements" made up for the inconvenience of the pop-up ads. The value of this trade-off was contested by critics of the adware business model.

In 2004 Benjamin Edelman, assistant professor at Harvard Business School and spyware researcher, analyzed the network behavior of 180solutions applications and claimed they redirected commissions to themselves that were properly due to affiliates, and additionally caused merchants to pay commissions when affected users clicked on merchant sites directly.[9]

During this time, 180solutions' applications were often difficult to uninstall, requiring the user to download an additional 'uninstall' application made by 180solutions or to use an adware removal tool. In 2005, the software uninstall was standardized to use the Windows 'add/remove programs' feature.

In 2005, 180solutions implemented a number of initiatives that were intended to show that the company was serious about controlling the distribution of its software to eliminate non-consensual installs:

  • March: Acquired one of their distribution partners, a Canadian company called CDT (dba LoudCash). This gave them direct visibility into and greater control of many of the formerly "third party" distributors.
  • June: Claimed to have re-notified its 20 million user customer base and implemented a program that notifies all users within 72 hours of install and re-notifies all users every 90 days thereafter.
  • August: Filed suit against seven individuals alleged to have illegally distributed its software using a botnet.
  • November: Announced an ongoing partnership with the FBI in breaking up a botnet ring in the Netherlands.
  • December: Ended distribution of the 180SearchAssistant and closed LoudCash (a remnant from the CDT acquisition). They claim that this removes the financial incentive for fraudulent installs, which many critics claim not to be true.

[edit] 2006 to 2008

Despite the initiatives of 2005, 180solutions admitted that it is possible for malicious users to hack their install routines and thus cause fraudulent installs.[10] They claim that the percentage of fraudulent installs has dropped from over 10% to under 1%. Critics claim that the business model is untenable because fraud against 180solutions (which therefore harms unknowing users via non-consensual installs) can never be completely removed.[11]

In early 2008, a malicious Facebook widget was discovered by Fortinet as luring users to install Zango under the pretence of identifying a “Secret Crush”.[12] This has since been proven to be untrue by an InfoWorld blogger.[13]

[edit] Federal Trade Commission charges and settlement

On January 23, 2006, a public advocacy group filed two official complaints with the Federal Trade Commission. The Center for Democracy and Technology complaints charge 180solutions with engaging in unfair and deceptive business practices, deliberately duping Internet users into downloading intrusive advertising software.[14]

In 2006, the Federal Trade Commission charged Zango with "Deceptive Failure to Disclose Adware", "Unfair Installation of Adware", and "Unfair Uninstall Practices" in violation of the Federal Trade Commission Act.[15] Since the FTC ruling, security researchers continue to find Zango involved in problematic installs.

In November 2006, Zango settled this complaint via a consent decree with the FTC, without formally admitting guilt. In the words of the Federal Trade Commission press release, "Zango, Inc., formerly known as 180solutions, Inc., one of the world’s largest distributors of adware, and two principals have agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future downloads of Zango’s adware without consumers’ consent, requires Zango to provide a way for consumers to remove the adware, and requires them to give up $3 million in ill-gotten gains."[16] These restrictions remain in force for twenty years. The agreement also requires respondents Keith Smith and Daniel Todd to notify the FTC of the discontinuance of their current business or employment, or of their affiliation with any new business or employment, for ten years.[17]

In July 2007, Edelman said, "Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango's obligations under its November 2006 settlement with the FTC."[18]

[edit] Other litigation

In September 2005, attorney Shawn Collins filed a class action lawsuit against Zango on behalf of three plaintiffs, alleging that Zango deceptively installed spyware on more than 20 million personal computers. The company says its software is voluntarily installed by users who download premium content in exchange for their consent to view advertisements relevant to what they search for online. During pre-trial discovery, the parties agreed to a dismissal with prejudice, meaning that the suit cannot be brought again by the same complainants. Each side agreed to pay its own fees and expenses.[19][20][21]

In May 2007, Zango filed a lawsuit against PC Tools alleging tortious interference with its business and trade libel, because the PC Tools product Spyware Doctor at that time classified Zango software as malicious and removed it without informing users.[22][23] Zango dropped the suit after the judge ruled that the suit was "unlikely to succeed on the merits of any of its three causes of action" and refused to grant Zango a temporary restraining order.[24][23]

Also in May 2007, Zango filed in the same court a similar lawsuit against Kaspersky Lab, accusing it of tortious interference, trade libel and unjust enrichment for blocking the installation of Zango software. Kaspersky defended itself by invoking the Communications Decency Act (CDA), saying it was immune from civil liability based on the paragraph of the CDA headed "Protection for 'Good Samaritan' blocking and screening of offensive material". The judge agreed, granting Kasperky's motion for summary judgment.[25][26][27] Zango is currently appealing the ruling.[28] The National Business Coalition for E-Commerce and Privacy is supporting Zango in the appeal. [29]

[edit] Hotbar

Hotbar (also known as HbTools) is a plugin for Internet Explorer, Microsoft Office Outlook and Outlook Express produced by Zango. Hotbar adds a toolbar and the option of extra skins to these programs. It also allows the user to add emoticons to emails created in Outlook or Outlook Express or check the weather report. Its major revenue comes from the excessive use of pop-ups which are displayed according to a user's behavior and current URL. The application can show over 15 pop-ups a day, depending on how much Internet browsing has occurred.

[edit] Controversy

Classified as "Caution - objectionable behavior but clearly informs users" by Stopbadware
Classified as "Caution - objectionable behavior but clearly informs users" by Stopbadware

Hotbar is an example of adware due to its banner advertising and use of pop-up windows. Also the user's browsing habits are sent to the Hotbar servers with a unique user ID which allows a user's browsing habits to be tracked over an extended period of time. For example spyware researcher Benjamin Edelman defined Hotbar's problems like this:

Promoting Hotbar advertising software at sites targeting kids, using banners with smiley faces but without mention of ads. Failing to affirmatively show a license agreement, and burying advertising terms so many screens into the license and below such counterintuitively-labeled section headings that users cannot reasonably find the key provisions. First affirmatively mentioning advertising on a screen that offers no Cancel button for users to decline the installation. And ultimately bombarding users with ads in pop-ups, web browser toolbars, Windows Explorer toolbars, auto-opening sidebars, and even desktop icons.[30]

In 2005–2006, Hotbar.com started to send cease and desist letters to security companies which defined Hotbar as "malware". As a countermeasure, Symantec successfully sued Hotbar.com in the court to get clear right to put it in their "low risk adware"-category.[31]

Hotbar can be detected and removed by several anti-spyware and anti-virus programs, including Windows Defender, Spybot - Search & Destroy, and Norton AntiVirus. However, some utilities do not remove Hotbar completely and leave Windows Registry keys and files behind.[32]

[edit] Seekmo

Seekmo is an adware program by Zango that claims to be a free tool to provide content such as mp3 files, screen savers, and videos. Seekmo can pop-up advertisements even if you have a pop-up blocker on your computer, and will monitor your computer usage to generate ads that you are more likely to respond to. In the process, the program can consume processing power and network bandwidth, slowing down your computer and interrupting other programs. Upon downloading a Seekmo-containing file, the program with which you are attempting to access the file will commence the process of license acquisition in which the program (Windows Media Player, for example) will display a window telling you about the content and what Seekmo is. Upon clicking "Accept", it will automatically send a file for download called "Setup.exe". After downloading this file you must install the Seekmo Toolbar which will display advertisements related to the websites you visit.

[edit] See also

[edit] References

  1. ^ Adware. ZangoSearch. symantec.com. Retrieved on 2007-06-13.
  2. ^ Threat Profile: Adware-ZangoSA.dldr. us.mcafee.com. Retrieved on 2007-06-12.
  3. ^ zango.com - Tags: Popular - All Time
  4. ^ Warner Bros. Calls Off Deal With Adware Company. mediapost.com. Retrieved on 2007-09-16.
  5. ^ Kids Thank Warner Brothers for the Ads and Porn. donotreply.com. Retrieved on 2007-09-16.
  6. ^ Zango Easy Messenger. stopbadware.org. Retrieved on 2007-06-12.
  7. ^ Malicious Website / Malicious Code: Fraudulent You Tube video on MySpace installing Zango Cash. websense.com. Retrieved on 2007-06-24.
  8. ^ Site Advisor retrieved 17th May 2008
  9. ^ The Effect of 180solutions on Affiliate Commissions and Merchants Benjamin Edelman October 20, 2004
  10. ^ Mea Culpa 180Solutions 5:33 PM, Feb 23, 2006
  11. ^ Non-consensual 180 Installations Continue, Despite 180's "S3" ScreenBenjamin Edelman February 24, 2006
  12. ^ "Zango Pleads 'Not Guilty' in Facebook Adware Flap" (2008-01-08). Internet.com. 
  13. ^ "Zango strikes back over reported Facebook hack" (2008-01-08). infoworld.com. 
  14. ^ CDT Files Complaints Against Major Adware Distributor January 27, 2006
  15. ^ FTC complaint against Zango.
  16. ^ Zango, Inc. Settles FTC Charges November 3, 2006
  17. ^ FTC AGREEMENT CONTAINING CONSENT ORDER In the Matter of ZANGO, INC. f/k/a 180SOLUTIONS, INC., a corporation, KEITH SMITH, individually and as an officer of the corporation, and DANIEL TODD, individually and as an officer of the corporation (PDF, 12pages)
  18. ^ Zango Practices Violating Zango's Recent Settlement with the FTC. benedelman.org. Retrieved on 2007-08-05.
  19. ^ Logan Simios v. 180solutions, CLASS ACTION COMPLAINT. U.S. District Court (September 13, 2005). Retrieved on 2007-09-05.
  20. ^ Zango Spyware Suit Dismissed. ClickZ (September 8, 2006). Retrieved on 2007-09-05.
  21. ^ Class-Action Suit Dismissed Against Spyware Provider. Chicago Tribune (September 7, 2006). Retrieved on 2007-09-05.
  22. ^ Zango sues antispyware vendor PC Tools. Infoworld (May 18, 2007). Retrieved on 2007-05-19.
  23. ^ a b ZANGO, INC., Plaintiff, v. PC TOOLS PTY LTD., Defendant. – Denial of Motion for a Temporary Restraining Order (PDF, 9 pages). U.S. District Court at Seattle (June 5, 2007). Retrieved on 2007-09-13.
  24. ^ Zango Drops Lawsuit Against PC Tools. Betanews (August 28, 2007). Retrieved on 2007-08-28.
  25. ^ U.S. Code Collection: TITLE 47 > CHAPTER 5 > SUBCHAPTER II > Part I > § 230. Protection for private blocking and screening of offensive material. Cornell University Law School (January 3, 2005). Retrieved on 2007-09-05.
  26. ^ Zango tries, fails to sue its way out from under the "spyware" label. ars technica (August 30, 2007). Retrieved on 2007-09-05.
  27. ^ ZANGO, INC., Plaintiff, v. KASPERSKY LAB, INC., Defendant. – Dismissal (PDF, 8 pages). U.S. District Court at Seattle (August 28, 2007). Retrieved on 2007-09-13.
  28. ^ Zango's Brief in Zango v. Kaspersky Ninth Circuit Appeal. Eric Goldman's Blog (March 30, 2008). Retrieved on 2008-03-30.
  29. ^ Adware Company Gets Assist From Business Groups In Legal Battle. MediaPost Publications (April 15, 2008). Retrieved on 2008-04-15.
  30. ^ Benjamin Edelman, May 16, 2005, Hotbar Installs via Banner Ads at Kids Sites
  31. ^ United Press International, March 1, 2006, Symantec settlement riles Hotbar
  32. ^ PC Hell, checked 12.9.2007, Hotbar Removal Instructions and Help

[edit] External links

Languages