Zango, formerly 180solutions and Hotbar, manufactures known adware and spyware typically required to access partner's games, DRM-protected videos and software. Zango software is listed as "Adware" by Symantec. McAfee states, "this program may have legitimate uses", but describes it as a "potentially unwanted program", and an "adware downloader".

Content

Zango's consumer website asserts that the company is "committed to creating a content economy built on a foundation of safe and ethical practices by protecting consumer privacy while offering a fulfilling and high-value content experience." Zango content includes sports, comedy, dance, erotic videos, online games, and screensavers. Warner Bros. and others have been known to give content, although Warner Bros. has terminated its business relationship with Zango after an online outcry.

Undesirable software behaviors

StopBadware.org lists a number of undesirable behaviors associated with Zango Easy Messenger, including "behaves as spyware", "automatically runs on startup", "displays pop-up advertisements", "installs adware", and "bundled software can't be closed".

The same site states, "We find that Zango Easy Messenger is not badware, although it does engage in behaviors that users should be aware of."

Websense issued a Zango-related security advisory in November 2006. The report stated that "Websense® Security Labs has discovered a number of user pages on the MySpace domain which have videos that look like they are from YouTube. The videos have an installer embedded within them for the Zango Cash Toolbar. When users click on the video, they are directed to a copy of the video, which is hosted on a site called Yootube.info."

A more detailed analysis of this attack appears in "Zango Practices Violating Zango's Recent Settlement with the FTC": "Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango's obligations under its November 2006 settlement with the FTC." These consist of a failure to include an on-screen disclosure of material terms, widespread in-toolbar ads without the labeling and hyperlinks, ads for "bogus Sites that attempt to defraud users" and third party installations without any disclosure whatsoever.

History

1999 to 2001

When founded in 1999, Zango was known as ePIPO. It was one of the first "pay-to-surf" companies, following in the footsteps of AllAdvantage. This business model paid users a minimal amount to surf the Internet while running an application that showed banner ads. Users could also make money by referring others who would use this application.

After enjoying brief success, the pay-to-surf business model declined with the bursting of the Internet bubble in 2001, and 180solutions adjusted their technologies in several ways:

To show pop-up ads instead of banner ads.

To not have any visible GUI.

To be bundled with other potentially valuable applications.

ePIPO changed their name to 180solutions.

2002 to 2005

From 2002 through 2005, 180solutions' applications (ncase and 180SA (search assistant)) were distributed via various affiliates. While these affiliates were legally required (by 180solutions contract and other laws) to obtain the permission of the user prior to software installation, many did not, and this resulted in millions of illegal non-consensual installs. Many other affiliates notified users only via the end user license agreement EULA and this resulted in millions more of arguably legal but still essentially non-consensual installs.

180solutions' software showed pop-up ads while a user was surfing the Internet. This software was often, but not always, bundled with other pieces of free software which the user intentionally installed. Since permission to install the 180solutions adware was typically hidden in an EULA, most users were unaware of the fact that they were installing adware. In some cases 180solutions' software was not bundled with any other software, but installed as a standalone install. Using this method, an ActiveX prompt simply asked the user to install the software so that they could receive "comparison shopping advertisements".

180solutions contended that the value of the bundled software or the "comparison shopping advertisements" made up for the inconvenience of the pop-up ads. The value of this trade-off was contested by critics of the adware business model.

In 2004 Benjamin Edelman, assistant professor at Harvard Business School and spyware researcher, analyzed the network behavior of 180solutions applications and claimed they redirected commissions to themselves that were properly due to affiliates, and additionally caused merchants to pay commissions when affected users clicked on merchant sites directly.

During this time, 180solutions' applications were often difficult to uninstall, requiring the user to download an extra 'uninstall' application made by 180solutions or to use an adware removal tool. In 2005, the software uninstall was standardized to use the Windows 'add/remove programs' feature.

In 2005, 180solutions implemented a number of initiatives that were intended to show that the company was serious about controlling the distribution of its software to eliminate non-consensual installs:

March: Acquired one of their distribution partners, a Canadian company called CDT (dba LoudCash). This gave them direct visibility into and greater control of many of the formerly "third party" distributors.

June: Claimed to have re-notified its 20 million user customer base and implemented a program that notifies all users within 72 hours of install and re-notifies all users every 90 days thereafter.

August: Filed suit against seven individuals alleged to have illegally distributed its software using a botnet.

November: Announced an ongoing partnership with the FBI in breaking up a botnet ring in the Netherlands.

December: Ended distribution of the 180SearchAssistant and closed LoudCash (a remnant from the CDT acquisition). They claim that this removes the financial incentive for fraudulent installs, which many critics claim not to be true.

2006 to 2008

Despite the initiatives of 2005, 180solutions admitted that it is possible for malicious users to hack their install routines andthereforecause fraudulent installs. They claim that the percentage of fraudulent installs has dropped from over 10% to under 1%. Critics claim that the business model is untenable because fraud against 180solutions (which therefore harms unknowing users via non-consensual installs) can never be completely removed.

In early 2008, a malicious Facebook widget was discovered by Fortinet as luring users to install Zango under the pretence of identifying a “Secret Crush”.

Federal Trade Commission charges and settlement

On January 23, 2006, a public advocacy group filed two official complaints with the Federal Trade Commission. The Center for Democracy and Technology complaints charge 180solutions with engaging in unfair and deceptive business practices, deliberately duping Internet users into downloading intrusive advertising software.

In 2006, the Federal Trade Commission charged Zango with "Deceptive Failure to Disclose Adware", "Unfair Installation of Adware", and "Unfair Uninstall Practices" in violation of the Federal Trade Commission Act. Since the FTC ruling, security researchers continue to find Zango involved in problematic installs.

In November 2006, Zango settled this complaint via a consent decree with the FTC, without formally admitting guilt. In the words of the Federal Trade Commission press release, "Zango, Inc., formerly known as 180solutions, Inc., one of the world's largest distributors of adware, and two principals have agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future downloads of Zango's adware without consumers' consent, requires Zango to give a way for consumers to remove the adware, and requires them to give up $3 million in ill-gotten gains." These restrictions remain in force for twenty years. The agreement also requires respondents Keith Smith and Daniel Todd to notify the FTC of the discontinuance of their current business or employment, or of their affiliation with any new business or employment, for ten years.

In July 2007, Edelman said, "Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango's obligations under its November 2006 settlement with the FTC."

Other litigation

In September 2005, attorney Shawn Collins filed a class action lawsuit against Zango on behalf of three plaintiffs, alleging that Zango deceptively installed spyware on more than 20 million personal computers. The company says its software is voluntarily installed by users who download premium content in exchange for their consent to view advertisements relevant to what they search for online. During pre-trial discovery, the parties agreed to a dismissal with prejudice, meaning that the suit can't be brought again by the same complainants. Each side agreed to pay its own fees and expenses.

In May 2007, Zango filed a lawsuit against PC Tools alleging tortious interference with its business and trade libel, because the PC Tools product Spyware Doctor at that time classified Zango software as malicious and removed it without informing users. Zango dropped the suit after the judge ruled that the suit was "unlikely to succeed on the merits of any of its three causes of action" and refused to grant Zango a temporary restraining order.

Also in May 2007, Zango filed in the same court a similar lawsuit against Kaspersky Lab, accusing it of tortious interference, trade libel and unjust enrichment for blocking the installation of Zango software. Kaspersky defended itself by invoking the Communications Decency Act (CDA), saying it was immune from civil liability based on the paragraph of the CDA headed "Protection for 'Good Samaritan' blocking and screening of offensive material". The judge agreed, granting Kasperky's motion for summary judgment.

Hotbar

Hotbar (also known as HbTools) is a plugin for Internet Explorer, Microsoft Office Outlook and Outlook Express produced by Zango. Hotbar adds a toolbar and the option of extra skins to these programs. It also allows the user to add emoticons to emails created in Outlook or Outlook Express or check the weather report. Its major revenue comes from the excessive use of pop-ups which are displayed according to a user's behavior and current URL. The application can show over 15 pop-ups a day, depending on how much Internet browsing has occurred.

Controversy

Classified as "Caution - objectionable behavior but clearly informs users" by Stopbadware

Hotbar is an example of adware due to its banner advertising and use of pop-up windows. Also the user's browsing habits are sent to the Hotbar servers with a unique user ID which allows a user's browsing habits to be tracked over an extended period of time. In example spyware researcher Benjamin Edelman defined Hotbar's problems like this:Promoting Hotbar advertising software at sites targeting kids, using banners with smiley faces but without mention of ads. Failing to affirmatively show a license agreement, and burying advertising terms so many screens into the license and below such counterintuitively-labeled section headings that users can't reasonably find the key provisions. First affirmatively mentioning advertising on a screen that offers no Cancel button for users to decline the installation. And ultimately bombarding users with ads in pop-ups, web browser toolbars, Windows Explorer toolbars, auto-opening sidebars, and even desktop icons.

In 2005-2006, Hotbar.com started to send cease and desist letters to security companies which defined Hotbar as "malware". As a countermeasure, Symantec successfully sued Hotbar.com in the court to get clear right to put it in their "low risk adware"-category.

Hotbar can be detected and removed by several anti-spyware and anti-virus programs, including Windows Defender, Spybot - Search & Destroy, and Norton AntiVirus. However, some utilities do not remove Hotbar completely and leave keys behind in the Windows Registry. An example; Hotbar does have an Add/Remove Control Panel entry for itself, but it leaves registry entries and files behind it.

Seekmo

Seekmo is an adware program by Zango that claims to be a free tool to give content such as mp3 files, screen savers and videos. Seekmo can pop-up advertisements even if you have a pop-up blocker on your computer, and will monitor your computer usage to generate ads that you are more likely to respond to. In the process, the program can consume processing power and network bandwidth, slowing down your computer and interrupting other programs. Upon downloading a Seekmo-containing file, the program with which you are attempting to access the file will commence the process of license acquisition in which the program (Windows Media Player, for example) will display a window telling you about the content and what Seekmo is. Upon clicking "Accept", it will automatically send a file for download called "Setup.exe". After downloading this file you must install the Seekmo Toolbar which will display advertisements relevant to the websites you visit. The company states that "It's kind of like TV - you get to watch your favorite TV shows for free because they show ads." However, most TV networks adhere to Standards & Practices which prohibit "Adult-oriented ads" .

Affiliate Commission Theft

Zango Adware is also known to hijack affiliate commissions by replacing the affiliate ID from a referring affiliate with their own affiliate ID. Therefore if a person's computer is infested with Zango adware and that person visits a site via an affiliate link-Zango popups will remove that affiliates ID with their ownthereforestealing the actual affiliates commission. The following video demonstrates an affiliate link hijack in action (live demo of Zango affiliate link hijacking at the 3 minute, 10 second mark of the video):

http://phantomlinkcloaker.com/adware/adware.html