Why botnet herders love adware - video blog
Adware maker Zango has been cheating on last year's FTC settlement, spyware researcher Ben Edelman found. The company continues to install its software without proper disclosure to end users, and the pop-up ads that it serves also lack clear identification.
These problems are hardly new to either Zango or the overall adware industry. Even if Zango doesn't defraud its users itself, it has dozens of distributors who have a clear incentive to do so: Zango pays them a small sum (less than $1) for every installation. So just like an unscrupulous tire salesman will puncture all the tires in his neighborhood at night, botnet herders will install as many adware applications as possible on the computers they control.
Zango doesn't control these installations, but by continuing to pay operators of botnets and criminal websites, the company is allowing them to continue to operate. Furthermore, the FTC settlement was intended to allow consensual installations to continue while curbing the nefarious ones. As Edelman points out, Zango has failed to hold up its end of the bargain.
In the first episode of the Security Watchdog video blog that's posted below, you can see a real-world adware infection where a system gets infected by half a dozen applications, including Zango, without the user's consent. The installation demonstrated in this video predates the FTC settlement.
Next week: Cross Site Scripting attacks
July 31, 2007 | Permalink | Comments (7)
Yahoo's widget worries
A 'highly critical' vulnerability has been found in Yahoo Widgets that could, yes you guessed it, allow a remote attacker to run code.
Secunia, which rated the flaw as 'highly critical', said that other versions of Yahoo Widgets may also be affected.
July 29, 2007 | Permalink | Comments (7)
Welcome to the US
This is pretty worrying - travellers flying into the US from Europe will have their personal data collected by the airline and kept on record by the Department of Homeland Security until 2022.
Talk about invasive - the data includes political opinions, religious or philosophical beliefs, trade union membership and even sexual orientation, whatever they need that for.
Talk about land of the free...
July 25, 2007 | Permalink | Comments (14)
Google to eat cookies
Google has promised to delete cookies after two years. This is some way better than 2038, when they are currently set to be deleted, but the two-year time limit is reset every time someone visits Google.
Google is under increasing pressure to address concerns over privacy. The company now renders user information anonymous after 18 months as a result of discussions with the EU.
July 19, 2007 | Permalink | Comments (0)
Scammers donating your money to charity
Look out for small but unauthorised charitable donations from your credit card; it could be scammers testing the validity of the card. In a warning, Cyber-Ark said that this is especially worrying for business debit and credit card account holders, as they tend to have less control over card use than their personal counterparts.
July 16, 2007 | Permalink | Comments (0)
Commercial cyber crime boom
The commercialisation of cyber-crime is driving malware writing activity and will lead to progressively more serious IT security threats, according to research from Frost & Sullivan.
The analyst believes the global market for antivirus technologies reached $4.6bn in 2006, up 17.1 per cent from $4bn in the previous year.
July 11, 2007 | Permalink | Comments (0)
More Harry Potter hacking
Shortly after someone claimed to have hacked into the book publishers and stolen the manuscript of the last Harry Potter book, a virus has now appeared, presenting itself as a copy of the manuscript. The Hairy-A worm can automatically infect a PC when users plug in USB drives, which carry a file posing as a copy of the eagerly anticipated book.
Beware of the Deathly Hallows...
July 2, 2007 | Permalink | Comments (0)



