Just days after announcing a $3 million settlement with the Federal Trade Commission, adware firm Zango is again facing scrutiny for shady installation practices.

The Bellevue, Wash., company, born out of a merger between Hotbar and the heavily criticized 180 Solutions, is being linked to fake adult-themed YouTube videos floating around the MySpace social network.

According to an alert from Websense Security Labs, the videos come with an embedded installer that installs the ZangoCash ToolBar as part of a DRM (digital rights management) licensing agreement.

MySpace users clicking on the videos, which closely resemble videos from the popular YouTube player, are directed to content at "," a Web site hosted in the Netherlands. The registration information on the domain appears to be fraudulent, Websense said.

San Diego-based Websense flagged the site as "malicious" and warned that the "click here for the full video" button will redirects users to a Windows Media Player video that requires the user to agree to an end-user licensing agreement in order to watch the video.

"Assuming that users have accepted the agreement, the video downloads and attempts to install setup.exe from Zango Cash," the Websense advisory says.

eWEEK was able to reproduce the Websense findings during independent tests.

According to information on Zango's Web site, the company pays up to $0.45 per installation of the software, which offers free games, videos and other forms of content in exchange for pop-up advertising delivered to consumers.

This is not the first time Zango has been linked to shady installation practices at the MySpace portal. Earlier in 2006, Christopher Boyd, a researcher at FaceTime Communications' FaceTime Security Labs, based in Foster City, Calif., discovered Zango installers embedded in videos that autoplayed on MySpace profile pages.

At the time, the company acknowledged that its own developers had planted the videos on MySpace to test possible opportunities, but stressed that it was against internal policies to target MySpace. The profiles were later deleted after Boyd exposed the issue on his Web site.

The latest discovery comes just days after the FTC announced that Zango would pay $3 million to settle claims that it used third parties to install adware on consumers' computers, often without adequate disclosure.

The adware programs—Zango Search Assistant, 180Search Assistant, Seekmo and n-CASE—typically monitor computer users' Web use to display targeted pop-up ads. According to the FTC, the adware programs were installed on U.S. consumers' computers more than 70 million times and have displayed more than 6.9 billion pop-up ads.

The FTC alleged that Zango's distributors—third-party affiliates that often contracted with numerous subaffiliates—frequently offered consumers free content and software, such as screensavers, peer-to-peer file sharing software, games and utilities, without disclosing that downloading them would result in installation of the adware. In other instances, Zango's third-party distributors exploited security vulnerabilities in Web browsers to install the adware via drive-by downloads.

The FTC also charged that Zango deliberately made it difficult to identify, locate and remove the adware once it was installed.

The commission said the settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.

By Ryan Naraine
November 7, 2006