Threat Management, Incident Response, Patch/Configuration Management, TDR, Vulnerability Management

Zango fires back at Fortinet over adware accusations

The top executive for much maligned online ad firm Zango returned fire today against Fortinet, six days after the security vendor posted an advisory implying Zango was responsible for a malicious widget on Facebook.

“It is not associated in any way, shape or form with Zango,” Zango Chief Executive Officer Keith Smith told today. “Based on the fact that a [Zango] ad showed up after this widget was installed, [the advisory] implied that spyware was being bundled with this widget, which was not the case at all.”

Fortinet, in a report issued last week, warned that a new application called Secret Crush was circulating on popular social networking site Facebook and, if installed, promised to tell users who has on a crush on them.

But the application had worm-like characteristics because, before users could install it, they had to invite five other “friends” to also add the application to their accounts, Fortinet researchers said.

Once they followed all the necessary steps, they were left with no list of secret crushes, but an advertisement to download a Zango astrology application, according to Fortinet.

“Needless to say that clicking on ‘Download Now' [in the ad] leads to a copy of the infamous Zango adware/spyware,” the advisory said. “The malicious widget authors get rewarded with as much as over $1 upon each successful installation…”

But Smith said Zango is being unfairly implicated as spreaders of adware.

The Zango ad was not associated with the widget, but was actually a rotating spot that had been placed through Facebook by one of Zango's advertising partners, a legitimate practice, he said.

“It was one of the many rotating ads in this location,” he said. “We advertise in a lot of locations.”

Fortinet, in a statement today, said it stands by its original research.

“The behavior shown in our screen shots simply showcases the observations the FortiGuard Global Security Research Team made on that date,” the statement said.

A Facebook spokesperson said late Friday that the widget has been taken down for violating the website's terms of service.

“Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware,” the spokesperson said.

A Facebook spokesperson could not be reached for comment today.

Chris Boyd, senior security searcher at FaceTime Communications, said on his blog the real culprit in this incident appears to be the makers of the widget, not Zango.

“I'm wondering if we're currently stringing them up for being the wrong [advertisement] in the pop-up at the wrong time, as opposed [to] exploring who the makers of the Secret Crush application are instead,” he said.

Zango was fined $3 million last year by the Federal Trade Commission over deceptive adware practices. In some cases, Zango's third-party distributors installed adware on victims' machines by taking advantage of browser security vulnerabilities.

Smith does not deny the company's checkered past. But he said the Bellevue, Wash.-based company, formerly known as 180solutions, is reformed and now has a seven-step installation process in place that clearly discloses terms of service to users.

Zango offers free content, such as games and videos, to customers in exchange for them installing a toolbar that displays advertisements, Smith said. Users also receive ads in other formats, such as pop-ups.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.