Smokey's Security Weblog

veritas odium parit

Zango crapware is back: pushing somebody else’s popular software and bundling crap with it

Sunbelt Blog | January 29, 2010

Here’s something they don’t teach in marketing 101: If you’re pushing software that no one wants — like, say, annoying adware — and your downloads are going nowhere, what do you do?

Answer: you push somebody else’s popular software AND BUNDLE YOUR CRAP WITH IT!

Remember Zango? It was that irritating adware company that spent years and a million weasel words trying to make its operation seem legitimate. It was fined $3 million in 2006 by the U.S. Federal Trade Commission and it unsuccessfully sued anti-virus vendor Kaspersky in Federal Court in 2007 for calling the Zango malcode “malcode?” After several years of sagging revenue amidst a larger collapse of the adware industry, the company finally folded and sold its assets at fire sale prices last April.

The buyer, Pinball Publisher Network, is still distributing Zango and sadly enough it still offers users nothing of any value, which is why PPN offers Open Office, 7-Zip and Firefox bundled with it. PPN and its affiliates are simply trying to piggyback on those programs and in the process, leech from their value and good name.

Here’s what its fans get:

“Hotbar’s toolbar for IE, Outlook/Outlook Express and Word provides FREE access to premium content including weather, paid for by advertising. Based on keywords generated by your browsing, Hotbar shows ads in a separate browser window or a temporary Slider, and toolbar search suggestions. ShopperReports provides comparison shopping offers in a Sidebar. Both run continuously and update automatically. Uninstall easily via Add/Remove Programs.”

Thanks Sunbelt for informing us! My advice: stay far away from this Zango crapware; the same goes for Pinball Publisher Network. Don’t get spammed with PPN’s crap…

Informative Wikipedia article regarding the Zango crap:

January 30, 2010 | Advisories, Alerts, Anti-Spyware, Malware, Recommended External Security Related Links, Toolbarware

[UPDATED] Comodo Software Removed from Softpedia due to Adware/Spyware issues with CIS

Kudos to Softpedia! After reading their statement concerning Comodo Software, I can only tell Softpedia from this place: you have my full support. Pre-ticked boxes that will provide the user with crapware (adware/spyware) during the install of software is simply not done. It is sneaky behavior. Even worse, CIS – Comodo Internet Security installs third-party software (SafeSurf), irrelevant to the main product’s functionality, without leaving room for option. Very indecent, especially because CIS is security software. This kind of software should protect the user, not fool them with premeditation.

Softpedia article:

Stefan Fintea, Software News Editor
28th of April 2009

As all our regular users know, programs awarded by Softpedia with the 100% Clean and 100% Free awards have been thoroughly checked by our team of editors and passed several tests. Aside from the fact that all programs on Softpedia are scanned with world-renowned security products, all awarded programs are installed by our team and checked for any spyware or adware components.

We make sure the program doesn’t fall under any of the six cases mentioned on our adware definition page. Please be advised that this definition is our creation and has not been “borrowed” from an online or offline source. It was created by our team of specialists to ensure that it covers all cases that may result in the legitimate dissatisfaction of our users. Therefore, if we find adware in a program it will be listed accordingly, regardless of the license it’s listed under on the producer’s website.

If the application has been found free of viruses/spyware and neither the installation process nor runtime experience reveal any unpleasant surprises, the program receives the 100% Clean award or, if it’s free for both personal and commercial use, the 100% Free award.

A program will not receive any award (or even be published on Softpedia) if it’s impossible to successfully pass through all of the above steps. But if it is possible, as you can see, the rules are very strict and no exception will ever be made. If a program fails to pass the adware test, it will be immediately marked as Adware, regardless of its popularity, developer or current user rating on Softpedia.

Now that we’ve cleared this up, you might be asking yourselves “OK, but what does this have to do with Comodo?” Well, if you had searched Softpedia for Comodo in the past week, you would have surely noticed that the company’s flagship programs were no longer listed on Softpedia.

This was not our decision, of course, but let’s start with the beginning.

On April, 15th, Softpedia received an official cease and desist letter from the Comodo legal team requesting us to “discontinue all references on Softpedia identifying CIS as adware” within seven days, because Comodo Internet Security is not adware.

The first thing we did was, of course, to double-check the license, but, as we’ve tried explaining to the Comodo team, CIS is indeed adware.

Why?
Well, for starters, because the installer attempts to change both the browser’s homepage and search engine. As if that wasn’t a good enough reason, the setup also offers to install SafeSurf. Here’s what the official Comodo letter states: “SafeSurf is optional and does not display unsolicited advertisements on a user’s computer, nor does it hijack browser settings or perform search overriding or home page changing without the user’s consent.” Aside from the fact that SafeSurf is a component that the program (CIS) does not require to fully function, therefore it alone would be a good reason to mark CIS as adware, this utility also installs Ask Toolbar without asking for the user’s permission. This type of behavior is clearly not the one described in the Comodo email and could be easily classified as spyware (since adware would imply prior user consent).

Update: It was brought to our attention that users installing SafeSurf are informed in the utility’s EULA regarding the inclusion of software in their browser. Informing the user that third-party software irrelevant to the main product’s functionality will be installed without leaving room for option is not, by far, normal behavior. That would practically imply that producers can force users into installing any third-party software or changing their homepage or search engine and get away with it, because a notification was made in the EULA. Furthermore, the graphic provided in the setup window is clearly deceiving as it does not show the toolbar that is installed along SafeSurf.

Well said Softpedia, I have nothing to add.

Interesting read: “Current Practices of IAC/ Toolbars by Benjamin Edelman”

Softpedia invites you to provide their article with your opinion here.

Update, 3rd of January 2009

This is interesting: by coincidence I noticed today that Softpedia removed their article regarding CIS (Comodo Internet Security) and also all comments on it. We can only guess at the reason for this Softpedia trash action, but I don’t like this surprising hide action at all…

I traced reactions of the Softpedia community on the trash action:

An interesting comment from one of these people; he wrote in bold, so it seems he is not happy at all with the Softpedia ‘we-didn’t-write-anything’ action:

“Why did Softpedia remove all the pages, dedicated to this topic? I know that Comodo IS has been re-listed again on Softpedia, but all the articles ARE to be and should have been archived, but NOT simply deleted – the way Softpedia did.
Now I can’t comprehend whether the information and conclusions, issued by Softpedia’s staff can be trusted or, may be, that is a way of blackmailing software developers? I still don’t understand why all the articles with negative claims towards Comodo were removed from Softpedia. It’s abnormal – Softpedia has outraged our rights for information. Would be grateful for explanation from the Softpedia’s representatives.”

FWIW, a recent post on DSLR drew my attention to the Comodo/Softpedia issue again, thanks folks for waking me up!

Additional Update, 3rd of January 2009

Here is the opinion of loyal Comodo Trooper Endymion on the issue, posted May 06, 2009 in the Comodo forum:

“How nice for softpedia to withdraw some far-fetched claims. (ATM it should be still possible to read the previous revision from google cache before it will be wiped out.) Guess they still forgot to mention that there are other criteria for adware other than the ones which Softpedia Awards are based on and likewise that eventual FPs about legitimate toolbars are usually corrected by many AV vendors. Nevertheless they made at least an attempt to remove some mistakes.”

and Comodo Chief Melih’s reaction on it:

“That was after our 2nd legal letter we sent this week! We asked them to remove all the statements that were defamatory. They seem to have a habit of changing stuff without explanation. It’s very underhanded to change stuff and pretend that it didn’t exist and without explaining why they changed it.”

A certain darkwraith007 subsequently provided the Comodo community with his POV:

“[at] Comodo Devs: You have lost my respect. Be glad that your product comes without a monetary cost. I may still be needing to use it if only until Steve Gibson finishes his firewall (whenever that is) and it gets put to the test. Hopefully it’ll be free, but that’s doubtful. I can’t believe there’s so much back and forth between the meaning of this word and that word and so forth. PEOPLE DO NOT WANT THE ASK.COM TOOLBAR OR OTHER CHANGED BROWSER SETTINGS, DO YOU UNDERSTAND THAT? I hope you all can understand that and repair the reputation you have tarnished among your users. I miss the days of the Kerio Personal Firewall…now it’s a paid product. >_> If you respond to criticism of your product by sending legal letters, then perhaps I’m not wanted here.”

Stay tuned!

April 30, 2009 | Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links, Toolbarware

Safe Computing and Preventing Malware Infections

The current outbreak of the polymorphic worm Downadup, aka Conficker and Kido, and all its variants makes very clear that many users don’t act in a responsible and secure way. After all, at the moment 9 (nine) million PCs are contaminated by that worm because of a missing Microsoft Security Update for Windows (KB958644). At the same time numerous users don’t possess safe computing and surfing habits, ignore standard precautions, haven’t the slightest idea how to prevent malware, and in case they have a PC contaminated by malware they try to clean the PC by themselves or by self-declared “security experts”. Keep in mind that malware cleaning/removal isn’t a job for amateurs; it is a dedicated job for well-trained and fully qualified malware hunters.

Safe computing/surfing and preventing malware is a matter of education. Only well-educated users have a reasonable possibility to remain “clean”. The sole aim of me and my staff on Smokey’s Security Forums is to fulfill this aim by providing the user for free with Education, Support, Help and Advice, and in case the PC of the user is infected by malware to offer malware cleaning/removal by real security experts: comprehensively trained, fully qualified HJT/OTListIt2 Analysers/Malware Hunters.

Some basic rules for safe computing, related links at the end of this post:

– Activate the automatic update function in Windows. Always accept and install all updates offered by Microsoft.
– If you don’t like automatic updates, consider using the Microsoft Baseline Security Analyzer (MBSA). MBSA is an easy-to-use free tool that helps individuals and small and medium businesses determine their security state in accordance with Microsoft security recommendations, and offers specific remediation guidance. Using MBSA to detect common administrative vulnerabilities and missing security updates on your computer systems will improve your security management process.
– Always install all Service Packs offered by Microsoft.
– Educate and protect yourself, e.g. by visiting my board and reading the FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware.
– In case your PC is infected by malware, adware or any other undesired badware or nasties, visit my board to get rid of such crap. Only fully qualified HijackThis & OTListIt2 Log Analysers/Malware Hunters will care about these infections and help you in a professional way, of course for free, to get rid of it. Note: only registered board members will receive malware removal/cleaning help; registering on my board is also free.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help


Smokey’s Security Forums
FAQs, How-To’s and Advisories concerning Safe Computing and Preventing Malware
HijackThis (HJT) & OTListIt2 Log Analysis and Malware Removal/Cleaning Assistance and Services
Microsoft Baseline Security Analyzer (MBSA) Frequently Asked Questions
Download Microsoft Baseline Security Analyzer

Safe computing!

Smokey’s Security Forums is Site Member ASAP

January 17, 2009 | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Friends, Phishing, Recommended External Security Related Links, Toolbarware, Uncategorized, Vulnerabilities

CNET offers rogue Anti-Spyware for download

Surprising to me, and probably to most blog readers as well, is the fact that CNET, property of CBS Interactive, offers rogue/malicious programs for download.

Regular blog visitors will remember the two articles I wrote this past week about Intelinet Internet Security of well-known scammer Cashier Myricks, a malicious program advertised as “Award Winning Spyware Remover” and “acknowledgements of the software by security experts”.

In the meantime it should be clear to everyone that Intelinet Internet Security is a rogue Anti-Spyware Program and therefore has to be rated as Malware. It is very surprising that CNET “apparently” isn’t informed about that piece of malware and sticks determinedly to the download offer. I write “apparently” because I am informed that CNET has been warned by several readers that the program is malicious; besides, today I informed CNET’s Editor in Chief Scott Ard via an email. A so-called “return to sender email”…

Well, I have now some curious questions to CNET:

1. Are all available downloads approved before download release?
2. If the answer is no, how is it guaranteed that all downloads are trustworthy?
3. Is there a CNET QA Department, and, if yes, what are the efforts of that department to keep the download archive clean?

The fact that CNET still offers Intelinet Internet Security for download raises another question: how many other malicious programs are offered by CNET? Till we have a satisfying elucidation from CNET I can only advise: to protect your PC and all data on it, don’t download anything from their download archive. The software can be contaminated.

In case CNET need a review of my recent Intelinet Internet Security articles, here you go:

December 31, 2008 | Advisories, Alerts, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links

Intelinet Internet Security now provided with the Malware label

Well, that was a really fast promotion for Intelinet Internet Security of well-known scammer Cashier Myricks.

Two days ago I blogged about the issue and rated his crappy product Intelinet Internet Security as “a very suspicious piece of software, promoted by scammers and crooks and therefore belonging to the crapware category.”

* With the help of the great DSLR community I can close file Intelinet Internet Security with a new rating for Cashier’s garbage:

“belonging to the category malware”

TonyKlein, valued DSLR member and acknowledged Security Expert, contributed to my inquiry on DSLR with evidence of the malicious character of Intelinet Internet Security: a program check performed by VirusTotal, a trustworthy service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by multiple antivirus engines. Here is the link to the VirusTotal check report:

Tony also delivered proof of detection and removal of the program by MBAM – Malwarebytes’ Anti-Malware, an excellent anti-malware application, reviewed by me some time ago. Here is an MBAM detection report about Cashier Myricks’ malware:

Again my advice: stay far away from crap/malware like Intelinet Internet Security. These malicious programs will hurt you and your PC.

* 2008-12-31: File Intelinet reopened because of the CNET/ refusal to remove this piece of crapware, classified as malware, from its download archive.

December 29, 2008 | Advisories, Alerts, Bundleware, Downloads, Malware, News, Recommended External Security Related Links, Vulnerabilities

Java Anonymous Proxy (JAP): once a Crook, always a Crook?

Today’s post on DSLReports with subject “JAP” drew my attention.

From Java Anonymous Proxy (JAP) Homepage:

JAP makes it possible to surf the internet anonymously and unobservably. Without Anonymization, every computer in the internet communicates using a traceable Address. That means:

– the website visited,
– the internet service provider (ISP),
– and any eavesdropper on the internet connection

can determine which websites the user of a specific computer visits. Even the information which the user calls up can be intercepted and seen if encryption is not used. JAP uses a single static address which is shared by many JAP users. That way neither the visited website, nor an eavesdropper can determine which user visited which website.

Sounds great. Especially because the software and services are free. But after reading the DSLR post my mind about JAP changed.

SUMware mentioned in the DSLR post a 2003 SecurityFocus article about the fact that JAP’s anonymity service was (and still is?) back-doored. Sounds not good anymore, sounds really bad.

Excerpt SF article:

The popular Java Anonymous Proxy (JAP), used to anonymise one’s comings and goings across the Internet, has been back-doored by court order. The service is currently logging access attempts to a particular, and unnamed, Web site and reporting the IP addys of those who attempt to contact it to the German police.

We know this because the JAP operators immediately warned users that their IP traffic might be going straight to Big Brother, right? Wrong. After taking the service down for a few days with the explanation that the interruption was “due to a hardware failure”, the operators then required users to install an “upgraded version” (ie. a back-doored version) of the app to continue using the service.

“As soon as our service works again, an obligatory update (version 00.02.001) [will be] needed by all users,” the public was told. Not a word about Feds or back doors.

Fortunately, a nosey troublemaker had a look at the ‘upgrade’ and noticed some unusual business in it, such as:

“CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data....\n");”
“CAMsg::printMsg(LOG_CRIT,"Crime detected - ID: %u - Content:

and posted it to alt.2600.

Soon the JAP team replied to the thread, admitting that there is now a “crime detection function” in the system mandated by the courts. But they defended their decision:

“What was the alternative? Shutting down the service? The security apparatchiks would have appreciated that – anonymity in the Internet and especially AN.ON are a thorn in their side anyway.”

Sorry, the Feds undoubtedly appreciated the JAP team’s willingness to back-door the app while saying nothing about it a lot more than they would have appreciated seeing the service shut down with a warning that JAP can no longer fulfill its stated obligation to protect anonymity due to police interference.

A press release from ICPP assures users that JAP is safe to use because access to only one Web site is currently being disclosed, and only under court-ordered monitoring.

But that’s not the point. Disclosure is the point. The JAP Web site still claims that anonymity is sacrosanct: “No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user.”

This is obviously no longer true, if it ever was. And that’s a serious problem, that element of doubt. Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

Telling us that they only did it to help catch criminals isn’t good enough either. Sure, no normal person is against catching criminals – the more the merrier, I say. But what’s criminal is highly relative, always subject to popular perception and state doctrine. If we accept Germany’s definition of criminal activity that trumps the natural right to anonymity and privacy, then we must accept North Korea’s, China’s and Saudi Arabia’s. They have laws too, after all. The entire purpose of anonymity services is to sidestep state regulation of what’s said and what’s read on the basis of natural law.

The JAP Web site has a motto: “Anonymity is not a crime.” It’s a fine one, even a profound one. But it’s also a palpably political one. The JAP project inserted itself, uncalled, into the turbulent confluence between natural law and state regulation, and signaled its allegiance to the former. It’s tragic to see it bowing to the latter.

I don’t know whether JAP’s anonymity service is still back-doored anno 2008.

The main question after the JAP back-door issue is: can we ever trust JAP again? My answer is a clear NO. JAP will always have an element of doubt.

SecurityFocus hit the nail on the head with the following remark in the article:

Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

I share SF’s opinion. Therefore, stay away from JAP.

April 26, 2008 | Advisories, Alerts, Downloads, Malware, News, Recommended External Security Related Links

Sony Retracts Bloatware Removal Fee

Sony has withdrawn its $50 ‘crapware’ removal charge after customers respond with an uproar.
After causing controversy for charging US$49.99 to remove trial software from hard disks of new laptops, Sony has backtracked from imposing the fee on customers.

Starting on Saturday, Sony’s Fresh Start software optimization feature will be free, the company announced.

Fresh Start is a Sony feature that lets customers buy certain laptops without so-called “bloatware,” trial software that laptop makers often load onto new machines. Sony was asking buyers of the Vaio TZ2000 and Vaio TZ2500 notebooks with the Windows Vista Business OS to pay $49.99 for the removal of the extra software. Those customers already pay an additional $100 to upgrade to Windows Vista Business OS from Windows Vista Home Premium.

But after an uproar erupted online Friday in response to the Fresh Start fee, Sony has decided to offer the option for free.

Source/full article:

March 22, 2008 | Bundleware, News, Uncategorized