Zango sneaks onto FaceBook users’ PCs

Going surfing? It’s dangerous out there – wear layers.

Is the Internet really dangerous? As you surf, are you *really* at risk? The answer is YES, but nothing hits a point home like a modern-day example.

The example comes from our old “friends” at Zango (formerly 180Solutions). Those who follow ZoneAlarm events will remember the court case 180Solutions brought against us just a couple years back for protecting our customers from installing their application. They eventually dropped the complaint after we refused to back down (http://download.zonealarm.com/bin/free/pressReleases/2006/pr_1.html), but that didn’t stop Zango from continuing their tricky tactics.

It all starts with a secret crush

So you’re on Facebook, and there in the top right you see what any breathing human would consider a titillating, intriguing message: “1 secret crush invitation.” Oh, and a little red heart. Gentlemen, ladies – how many of you will take notice and click through? Could you use a little company? Perhaps the next Mr. or Mrs. Right?

But in this case, it’s no secret admirer. It’s a “corporate admirer,” and the only company you’re going to get out of the deal is a sneaky little piece of adware that downloads to your computer and watches you. (Fortinet, who discovered the exploit, has the details nicely recorded here: http://www.fortiguardcenter.com/advisory/FGA-2007-16.html.)

Social engineering ends in heartbreak

This practice Zango used is called social engineering. It can hit you anytime, anywhere. It’s the way that hackers get you to willingly download crap to your PC. This crap can be anything from bothersome adware that slows your PC and flashes banner ads, to programs that record anything you type such as credit card numbers.

You could even end up with a vicious rootkit, keylogger or spyware program that just all-out takes control of your PC to attack your friends and family, attack the government, send illegal porn, and other very bad things. Estimates say that about 25% of us have at least one of these types of program on our PC.

Get protection – layers of protection

We all need to do a lot to protect ourselves, those around us, and the Internet-at-large. In the above Zango case, I believe it’s incumbent upon Facebook to qualify the widgets that are offered through their service. And it’s incumbent upon companies that are creating really cool, open services like Facebook and widgets to consider security implications along with all the fun.

And here’s what we should do: Simply protect ourselves with a lot of layers of security. This way, even if a threat gets by one or even several layers, there will always be another layer (or several) to catch it.

In the Zango example, ZoneAlarm products protect in a number of ways. Here’s how:

ZoneAlarm ForceField

This is the product designed specifically to protect you as you surf the Web. (It’s currently in beta as a free download.)

ForceField caught Zango variants with two of its layers. First, it found a Zango URL variant that was dangerous (below) through its spy site blocking:

[Screenshot]

Next, it found a variant of the Zango executable as it downloaded to the PC through its dangerous download detection (below).

[Screenshot]

ZoneAlarm Internet Security Suite

This is the single firewall-based product designed to protect you and your PC from everything that gets thrown at it. It caught Zango variants with three of its layers:

First, like ForceField, it caught Zango at the Web site source through its spy site blocking feature (below).

[Screenshot]

Next, its antivirus caught and eliminated the variant as soon as it was downloaded to the PC (below).

[Screenshot]

The final layer was ZoneAlarm’s program control, which catches malicious applications through a behavioral approach (below).

[Screenshot]

– JordyB

7 Reader Comments to “Zango sneaks onto FaceBook users’ PCs”
  1. Someone got so smart and corrupt damage Windows\internet logs\IAMDB.RDB
    windows\internet logs\backup.RDB
    Vsmon.exe was unable to read it.
    They damage ZoneAlarm so bad.

  2. Jim, there are proper forums for reporting such problems. Please don’t send complaints to blogs.

  3. El Lobo ON

    Hello!
    We have discovered that ZA breaks named pipe communication on Vista (not on XP), even when the IPC is between processes on the same machine. This causes many programs that use named pipes for IPC (for example, between a service and a desktop application) to break.
    Is that a known bug, or is it a decision of the ZA designers?

  4. I have been using your free firewall for a number of years now and avidly follow your blog. Thanks for the advice. I had heard about Zango but had forgotten.
    By the way, what do you think of the following guy and his free downloads: http://www.software-street.com/software/?int=AAMO

  5. They have that same Zango as on bebo.com

  6. yeeah
    those guys one step ahead from antivirus or security firm…..

  7. Interesting article. I have personally used the ZoneAlarm free version (and Check Point at work) for a few years now. I even recommend that the readers of my blog install ZoneAlarm, and never turn it off, in order to protect their computers. http://publicarticles.info/blog/?p=5
