ZangoBlacklist.com contains linked news articles about Zango, detection tools and software removal instructions. The site also displays the Top 20 Worst Offenders, a comments section and a form for webmasters to submit a complaint about a specific company.
“This new forum hopes to educate people and companies about the downfalls of the Zango installer and marketing via infected computers,” one of the site’s creators Kirk Gretchen said. “ZangoBlacklist.com hopes to become the definitive site used for fighting Zango. Our hope is that by reporting users of Zango, consumers will stop using these products [which will] cause companies to rethink their position on using spyware.”
Shortly after being fined $3 million in ill-gotten gains by the Federal Trade Commission in response to charges that it deceptively installed adware onto PCs without user consent and then obstructed its removal, Zango came up with a new way to distribute its software.
According to net security firm Websense, Zango is serving ads that are deceptively designed to look like MySpace pages that contain what look like YouTube videos. When a surfer clicks on the video they are directed to YooTube.info, the site of a Zango affiliate that is not affiliated with YouTube.com, and is lured into accepting an end-user license agreement in order to watch the video.
If the user accepts the download, the Zango Cash Toolbar setup.exe file is covertly installed in the background. According to Websense, Zango uses a Windows DRM loophole that’s been previously used to spread viruses and malware.
Zango spokesman Steve Stratz said that by having the user agree to the EULA, the company is complying with the FTC’s regulations. Stratz also said that the affiliate’s site URL is not in violation of the FTC agreement or Zango’s rules of conduct.
Adware researcher Ben Edelman disagrees.
“The problem is that they don’t give the user the right information before installation,” Edelman told InformationWeek.com. “What have they really told you? That there will be ads. But they fail to mention that these ads are the much-hated popup ads. Then they’ve told you that they base those ads on keywords from your browsing. But they do not mention that your browsing patterns get sent to them. That’s a big difference.”
