MySpace users have been inadvertently spreading adware, allegedly placed on the site in violation of Zango policy, through the social networking service.
After a security researcher said Monday that MySpace users were spreading adware through the social networking service to ring up ad fees from Zango, the Bellevue, Wash. marketing company admitted one of its own developers had set up the MySpace profiles.
Zango, however, said the developer was acting without approval and in ignorance of the company's "hands-off" policy regarding MySpace.
Chris Boyd, the director of malware research for security vendor FaceTime, said he found a pair of MySpace profiles tagged "Zango," the new name for the controversial adware maker 180solutions. And each profile pushed adware. One of the profiles used video to entice MySpace visitors to download Zango Assistant and Search Toolbar, which users had to accept if they wanted to view the clips.
"Just who is pimping these things?" Boyd asked, then pointed out Myspace Graphics Help, a site that included copy-and-paste code to add Zango-distributed videos; the code, says the Myspace Graphics site, can be added to MySpace profiles or comments. Anyone who clicks on a MySpace-placed video created by such code, of course, must download Zango's adware to watch the clip.
The profiles were a mistake, countered a Zango spokesman Monday. According to Zango's Steve Stratz, the two spotted by Boyd were created by a company developer based in its Montreal office. (In April 2005, Zango, formerly 180solutions, acquired Montreal-based CDT, at that time one of its largest adware-distributing partners.)
"Those two test accounts were actually created by one of our developers who was exploring possible opportunities, but he didn't realize it was Zango business practice not to target MySpace," said Stratz. "He should not have been doing this, and we want to tell MySpace that we didn't mean to target them." The developer, said Stratz, would soon be deleting the profiles.
Boyd took Zango to task nonetheless.
"This is a relatively new viral approach," said Boyd. "We've seen spam and porn bots on MySpace before, but not adware from a quote-legitimate-unquote adware company," he said.
Boyd's contention was that unscrupulous Zango partners are getting MySpace users -- many of whom are teenagers -- to do their dirty work by spreading the necessary ad-tracking and ad-displaying software.
"Pasting the code for the [video] into the MySpace profile and having it autoplay when you visit the page is enough to have the [Zango] license prompt appear," said Boyd. "Easy as pie."
But although a Zango EULA (end-users license agreement) pops up on coded MySpace profiles, it's too easy for users to assume the dialog's from MySpace, not an adware vendor, argued Boyd. He found more than two dozen sites similar to Myspace Graphics and "I didn't see one actually mention the fact that in return for these [video clips], you'd be pimping Zango."
Zango, however, countered that its license agreement "could not be any clearer" and that it would be obvious to anyone that the download was not originating with MySpace.
Zango, which until early June was called 180solutions, has spent months cleaning up its distribution network -- in the past it blamed "rogue" distributors for installing its software without users' permission -- and to be a better Internet citizen.
Then Zango's vice president of business development, York Baur, said that "we've fixed [those] problems to the extent they can be fixed. This [business] model works, and we're very proud of the model we've built."
Stan Monlux, senior director of business development, weighed in Monday on the MySpace issue by denying that the network's accounts were allowed to register as partners -- and thus receive payments -- and arguing that it wasn't up to Zango to police the sharing of its content.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.