Reformed adware vendor still under fire

One of the central players in the advertising software field, Zango is trying to be the leopard that changed its spots. Despite the adware company's efforts to improve its reputation, it is still drawing fresh accusations of dubious business practices.

Zango, based in Bellevue, Washington, changed its name last month from 180solutions, a moniker linked to well-documented complaints about its software, which displays targeted pop-up advertising to Web surfers based on the sites they search for.

In exchange for viewing the advertisements, users get access to freebies such as video clips and the ubiquitous graphical "smileys" for e-mail. Zango pays affiliate Web sites up to US$0.40 for every visitor that installs the Zango software.

Those rewards drove some affiliates to exploit unpatched security holes to install the software without user consent, or to lure users into installing it by linking to it from popular social networking sites.

Zango's Chief Executive Officer, Keith Smith, blames the company's bad reputation on the past behavior of Web site publishers, some of whom essentially subcontracted out illegitimate installations of the software to hackers.

"We have fixed that," he said during a recent interview in London.

Smith, a bright 35-year-old entrepreneur who dropped out of Bible college, detailed how around the start of the year the company axed distributors seeding unauthorized installs and added new notification mechanisms to let users know the software is on their computer, following a swell of complaints and media coverage.

But critics paint a contrasting picture in which hackers are still pushing installs of Zango software modified to run without user consent, and say the company's efforts to clean up are loose at best.

Only last week, security research manager Christopher Boyd of FaceTime Communications showed that Zango's software was being distributed through MySpace, the popular social networking site owned by News Corp., in breach of MySpace terms of service, which forbid commercial use of the site.

Boyd argued MySpace users are typically minors and may not understand the opaque user agreement. Zango says its software is only for users over 18 years old.

Zango officials said one of its developers had created a MySpace profile containing video clips requiring a download of the adware before the content could be viewed. The developer was unaware of Zango's policy not to market the adware on MySpace, said Zango spokesman Steve Stratz.

Other sites have sprung up offering content that MySpace users can add to their profiles that also requires a Zango download.

Some hackers have found darker ways to make money from Zango's affiliate program, exploiting security flaws in order to install Zango software on other peoples' computers.

A former hacker, who says he no longer distributes Zango software illegally, said his friends still make $5,000 to $8,000 a month spreading Zango through networks of commandeered computers, called botnets.

"I still have friends milking them [Zango] for every penny they got," said the former hacker close to Jeanson James Ancheta, an American hacker who was sentenced to 57 months in federal prison in May. Ancheta was indicted for illegally controlling a network of bots to install adware, among other things.