50 Zango mutherfuckers!

Wow, alot of traffic has spyware and it seems to be increasing.

Not good.

:(

Them damn Zango banners are everywhere too. Specially on free games sites and they have some very alluring banner ads for game sites, not quite pornographic but deffinatly better chubby spank it material than I had as a kid and my mom had Vogue in the house.

Yet you promote zango to other webmasters.

Not good.

wow, very interesting stats

Those are insane numbers. This is a lot to process.

Brad

I cannot believe you actually had the nerve to post links on spywarefreaks to iDownload.com(quickbuck) products? Yeah, everyone needs even more exploits on their system.

VirushunterPDF, registrydefender / winfixer, pcvirusless is another rogue and part of the cws group

Quickdraw can you hit me up please?

Thanks

I checked our logs over a 72 hour period and these are the results I got:

zango 0.9%
seekmo 0.25%
hbtools 0.05%
funweb 2%
megaupload 1.7%

Not exactly sure what megauplod is, but when I visit their site I see they offer the MegaToolbar which sets off a red flag.
This is just from the raw logs. I am going to try to filter it down to just the main entry pages and see if the numers change.

DAMN IT. I hadn't checked megaupload

I'm seeing 1% with megaupload

OK really stupid question. How do I check the traffic for these?

I just stripped down my logs and only ran results for our top 3 traffic entry pages and the numbers were about 0.4% overall higher than what I listed above. Fuckers.

You can search your server logs.

Thanks Zebra

Fuck off and die!

I had no idea it was as high as 20%. :(

This is what we have so far.

funweb 2.85 %
megaupload 0.62 %
Zango 0.51 %
Seekmo 0.39 %
peoplepal 0.28 %
hbtools 0.22 %
hotbar 0.20 %


IM not happy at all.

You can bet that a large portion of these guys that have any of the zango family installed, also have a variation of the zlob or codec exploit as well since Zango is popping windows to places like adultdvds1.com/teen.html (visit at your own risk)

For every person that has the zlob installed, you are losing them in your organic search engine listings as well. Surfers with these codecs get their search engine results redirected to a multitude of PPC engines.

everyone should be reminded of the fact that its not "spyware" according to the FTC. so, trying to hurt their business by mischaracterizing what the software is, opens you up to civil liability.

**my post disappeared**
but wanted to add that it's a multitude of PPC engines...OR...fake TGPS/MGPS that redirect the traffic for trades of legit traffic and then ultimately resold to a traffic broker.

This thread is depressing.

I think a lot of us have surpassed the depressed part - the good thing is that finally others are taking notice. In th past 2+ years, I'd love to know how much all these companies have taken from the adult industry. I say 2+ years cuz it's around the time that the US got rid of gambling online that they replaced that income with going after adult agressively.

Sadly we will most likely find out, that this company is owned by one of our very own high rollers.

I think this could be further refined, because it's counting raw hits rather than uniques. A surfer who goes through as many FHGs as he can find and grabs 100 videos/500 images will push up the total even though his spyware 'value' is the same as a surfer who views a single hotlinked image on a forum.

Something like this would probably work better:

first, count the total number of unique IPs in your log:
cat /path/to/access_log | awk '{print $1}' | sort -u | wc -l

then for each spyware name find the number of unique IPs that reference it:
grep -ci "seekmo" /path/to/access_log | awk '{print $1}' | sort -u | wc -l

This won't work so well for logs spanning several days because the concept of a "unique" IP gets a bit blurry with different IPs being assigned as people reconnect but it will probably still be more accurate than just counting raws.

BTW the above assumes that the user-agent is actually logged... AFAIK the default Apache setup doesn't do this.

Oops, drop the "-c"

grep -i "seekmo" /path/to/access_log | awk '{print $1}' | sort -u | wc -l

Here are my stats based on unique IPs as per the above suggestion

Total measured: 196,030 uniques

seekmo: 870 (0.44%)
zango: 878 (0.45%)
hotbar: 259 (0.13%)
funweb: 4518 (2.32%)
megaupload: 1204 (0.61%)
peoplepal: 462 (0.24%)
hbtools: 418 (0.21%)

Does funweb do those smiley banners that laugh (both visibly and audibly) when you mouseover them?

Those are insane numbers. :(

Funweb sure gets around.

I assume most of you guys are checking your logs where the traffic is from a variety of sources like tgp's etc..

Anyone have a strictly SE driven site they can get stats on?

insane numbers. .thanks for sharing.

One other thing I should mention, it's also invalid to sum the total of the individual results (eg hotbar+zango+... = 19%) because some people will have more than one installed. :)

Example:

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; HbTools 4.8.7; Zango 10.0.275.0; Seekmo 10.0.341.0)"

I had a play with some simple scripting to pull data from area enclosed in brackets, I then removed obvious strings such as "Windows 98" or "MSIE 6.0."

There may still be some common ones remaining, but if I wasn't sure I left it in.

This is the list, ranked by count: (bottom 0.1% / <200 excluded)

9713 InfoPath.1
6045 FunWebProducts
5002 InfoPath.2
3946 IEMB3
2224 YPC 3.2.0
1375 Avant Browser
896 MSN 9.0
881 MSN 9.1
875 yplus 5.1.04b
851 MSNmen-us
803 FDM
751 Google Wireless Transcoder
654 NaviWoo1.1
644 TOB 6.05
632 DigExt
594 Maxthon
587 PeoplePal 3.0
545 Orange 7.4
522 MSNcOTH
509 Seekmo 10.0.341.0
448 SIMBAR Enabled
419 ZangoToolbar 4.8.3
402 WinuE v6
402 WOW64
382 Sky Broadband
370 Comcast Install 1.0
362 MEGAUPLOAD 2.0
359 J2ME/MIDP
356 Q312461
355 MSNbMSFT
349 MRA 4.10
345 ssr
342 tr
335 SpamBlockerUtility 4.8.4
330 MEGAUPLOAD 1.0
322 Arcor 5.006
299 YComp 5.0.0.0
289 MSNbMSNI
288 MyIE2
285 MSNbVZ02
284 Embedded Web Browser from: http://bsalsa.com/
283 yplus 5.3.04b
282 Stream Plugin
277 T-Online IE7
261 SIMBAR=0
254 MSNbQ002
248 Neostrada TP 6.1
229 Zango 10.0.341.0
212 iebar
212 DT
211 America Online Browser 1.1
210 Comcast
207 MSNc00
207 AtHome033
203 SeekmoToolbar 4.8.4
202 RRHSO_BLD1
202 MSDigitalLocker

Seems like 3-5&#37; is the total average?

I doubt there will be much if any of these users finding your sites via search engine.....simply because these programs will redirect user searches at google or yahoo or wherever to a paid search engine where the spyware owners get paid for the clicks.

Bump so an important thread doesn't die.

thanks again for posting this shap.

you're an idiot :disgust

funwebproducts is big, but if i recall well even when you uninstall it your browser still carries the description of it. I'm assuming a large &#37; of those are not active ones. Anyone can confirm this?

can someone explain a little more on what happens if a surfer has funweb or other spyware installed?

by my logs, FunWebProducts is in 8% of my server request, does that mean they are downloading my content but never have the option of joining my site due to redirects?

Its fucking insane how a "would you hit it" threads get more veiws and replies than a thread like this.

fucking depressing :Oh crap

Id be interested in something like this. Anyone working or has any other script similar to this? Im surprised no one has taken this open source code and adapted it.

Interesting stats, and that's "only" spyware and not counting all the guys infected with affiliate code changing trojans...

right, the affiliate changing trojan I have on a test PC doesn't identify itself.

Of course not. :)

Just trying to reinforce StarkReality's point.

When half the fucking anti virus software programs out there call it " spyware" and even Zango admitted that they have had (and likely still do) affiliates who installed their shit without people knowing on million of pcs.... then it is what it is... spyware.

They can call it adware till they are blue in the face but when it is abused by their own partners (making it spyware) and most people see it as spyware, then good luck sueing me for calling it spyware.

I think i will trust with the anti virus companies call it and not what the shaddy company wants you to think.

Bump for a biz thread.

because 90% of the people here dont make money so they dont care about stuff like this and looking at porn is more important to them.

But, but... Isn't it on GFY "where the industry meets"?

Hes trying to give you some solid advice. . .