Friday, May 16, 2008

Beware the Zangobot!

While this news is likely speculative and unfounded, it has ramifications I couldn't resist. My good friend Steve and I have, for the last couple of years, jokingly inferred that Zango must have some form of bot, be it a crawler or IRC/P2P. Now this was stated entirely in jest, mind you, but I have to throw the phrase open now that to a story from Trendmicro claiming Zango and Storm: Possibly in Cahoots.

How could I pass? This is indeed the prospect of a Zangobot!

From Trend's post: "The presence of these clues means either of two possibilities. One, that Storm is now targeting computers that have Zango adware installed in them, or two, that Storm has now been commissioned to deploy Zango adware. Zango (also ePIPO, 180solutions, HotBar) is an adware company notorious for planting software that runs on startup, displays advertisements, and comes bundled with other software."

Alex Eckelberry rightfully puts a cautionary spin on the story in his post on the Sunbelt blog:
"After years of tracking Zango/180, etc., we have a really hard time believing that Zango would knowingly work with distributors of Storm. While there’s no love between us, they're not complete idiots, and they know that if they got caught they'd be in serious trouble with the FTC."

Nonetheless, let the speculation and research begin.

I hereby declare a contest! We need a Zangobot graphic. Get your creative juices flowing and send your Zangobot character/avatar/image to me at holisticinfosec at gmail dot com.
The winner receives mention here, an information security book of my choosing, and a Daily WTF sticker. | digg


Unknown said...

Got your tickets?


Anonymous said...

From the Zango Blog:

Trend Micro and Zango are in contact and are working together to understand the situation raised in the Trend Micro blog entry originally posted last night -- a blog entry updated twice today.

At this time, we have no evidence that Storm is "pushing Zango." We confirm that we have no known business relationship with those behind the Storm bot -- nor would we seek, accept or authorize such a relationship. We look forward to getting to the bottom of this matter in a timely fashion and will report updates as necessary.

Moving blog to

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...