Not so long ago, I wrote about something called the Tango Toolbar. While digging around for more information, I actually came across another toolbar called “Tango” which is entirely unrelated (this one is about the dance, not…er…whatever the other one was about) yet also manages to raise some red flags:
Click to Enlarge
Turns out it was a file on Download.com, and this is what happened when I tried to grab it:
Click to Enlarge
Whoops.
This is what the description page looks like minus the “Blocked” alert box:
As you can see, it’s been available since 2006. Here’s a VirusTotal report from the 18th of June, with 21/41 vendors flagging it. Here’s an updated report from the 20th, and now 34 vendors are saying “Boom, headshot”. If you want to get into the technical side of things, a ThreatExpert summary from the 6th can be found here.
The main issues seem to be adware.component.toolbars and adware.eztracks, neither of which are mentioned in the (very short) EULA viewed when installing. Here it is:
Not the greatest EULA I’ve ever seen in my life, but there you go. below is what you’re supposed to see on install:
Click to Enlarge
However, the homepage wasn’t even online during testing so the “after install” page looked like this instead:
Click to Enlarge
Not exactly dazzling, I’m sure you’ll agree. Hardly a severe threat (and it’s certainly no Apheve), but a valuable reminder that sometimes things do slip through the cracks even on reputable download services.
I reported this on the 20th, and they took it offline the next day while mentioning their Product Management Team would “temporarily remove the product from our library and notify the publisher of the problem”. My support ticket is now flagged as “Solved” and the download is still MIA, so I’m guessing that’s the last dance for the Tango Toolbar.
Christopher Boyd