Select Page

Eric Howes sent me this earlier. We see a 180 Solutions installer at a site for a 2nd grade class site:

180-cjb-1

Now, this is because the good teacher Mrs. Hall is hosting her site at Cjb.net, unwittingly spawning spyware on The Innocent.  She has been contacted by us as she has no idea this is going on. 

Testing this site on a non-SP2 XP system, I received the same ActiveX dialog box after simply hitting refresh once or twice.  On a patched SP2 system, I did not receive it, instead getting popups for pharmacies, online dating services and casinos.  

You can see a video of more cjb.net sites here, taken by Eric Howes.

Suzi has blogged on this as well, here.

…there are several problems with this scenario, not the least of which is the misleading text in the security warning (ActiveX) box. It says “Website Access By Zango Search Tools”. There’s an implied meaning that in order to view the website, one needs to download the “Website Access”, whatever that is. Not true!!

What kind of page is that and who is going to be viewing it? It says “Come on in to Mrs. Hall’s second grade class […]”. It looks to me like a page Mrs. Hall made for her second grade students and their parents. Nice. I’m sure Mrs. Hall meant well. How old are second graders? Six or seven, depending on when their birthday is. Can 6 or 7 year olds enter into contractual agreements? No. Will 6 or 7 year olds know what that warning means? No. Will they click yes because they want to see what’s on the page? Most likely. Are they going to click the link that says “Website Access By Zango Search Tools” and read the EULA? I think not. Here’s another short clip to show what happens when you click “Yes”. Click for video. Notice at 0:58 I click “Yes” and the license agreement comes up again. Note the box that says “I am 18 or older…” is checked by default. The wide, short window is known to be the most difficult for users to read as well. The text at the top of the EULA window says “The content on this site is FREE thanks to Zango”. There’s another misleading statement. At CJB.net, the webhosting is “free”. It has absolutely nothing to do with the website content. More about CJB.net in a bit.

Alex Eckelberry