
  • Botnet Installer Launches Zango.com and BestOffers Network Ads...

I recently came across an installer file being pushed in a Botnet - nothing new there, but it serves up an interesting take on how Adware companies need to make sure that it's not just their software springing up in hijacks - it's their websites, too.

In this case, the Zango.com website is popped open on the user's desktop (ignore the box mentioning Poker, that's from a different popup):

http://blog.spywareguide.com/upload/2006/06/zangobbs1-thumb.jpg

...this is what's known in the trade as "strangeness incarnate". Usually someone will try and install something, so they can make money. Simply popping open the Zango.com website doesn't seem to point to any financial gain, unless the person behind it gets a cut of the profits from the clips on that page. But that would also be stupid, as it wouldn't be too hard for the Zango people to then find out who stuck what movie files where on their website. Plus, I'm under the impression that Zango themselves are responsible for placing the video clips on Zango.com anyway.

I ran the infection again, and who should pop up in the next barrage of adverts but Bestoffers Network (another name for Direct Revenue):

http://blog.spywareguide.com/upload/2006/06/zangdrpop-thumb.jpg

...whoops. As for what's installed, it's the usual (rather popular) mish-mash of files from WebHancer, Dollar Revenue, SurfSidekick and Toolbar888, which is apparently a Maxifiles variant. I've spoken about Maxifiles in relation to Direct Revenue many times. At any rate, here's a screenshot:

http://blog.spywareguide.com/upload/2006/06/zangfiles-thumb.jpg

Nice collection!

Of course, it goes without saying that the PC is hosed shortly after the install:

http://blog.spywareguide.com/upload/2006/06/zangdrpop3-thumb.jpg

...ouch. Still, at least the hijacked end-user will have no shortage of Smileys to play with, pills to take and celebrity videos to watch while smoke starts to pour out the back of their monitor. All in all, I'd say that's a pretty good tradeoff...!


  • Comments

I work for a computer repair place and in the past week we've seen 8 computers infected with this stuff, and it's nasty to remove. Booting in Windows PE and running scans there, then running ewido in safe mode command prompt, seems to resolve it.
But this appeared all of a sudden for most of these people. Are you saying they were all on a botnet that the owner decided to infect suddenly?


I have somehow gotten the Zango bot on my system and do not know how to remove it. Can someone please give me a little guidance?

Thanks,

Jmill3r9


I have repeatedly attempted to remove "BestOffers" but since it came in on Kazaa years ago, it can't be deleted. I'm not as concerned about this program as I am about how we can stop such invasive and intrusive advertisers from intruding in on our privacy with these "behavioral methods". I would like to boycott anyone and everyone who uses BestOffers. Is there someplace I can go to register a complaint and help put these people out of business?



© Copyright 2006, FaceTime Communications, Inc. All rights reserved.