Zango adware has been out of sight for a while. It’s back with a new twist: using a fake codec to install its pain-in-the-butt software. The lure for the codec: an alleged porn video viewer.
Here’s researcher Patrick Jordan’s narrative:
“Any site that runs a fake codec scam or other social engineering scam to get users to infect themselves — those sites directly and indirectly associated are put into my sites listings and Zango just made it!
“From a rotational site I use to get the standard fake codecs and dischargers, today I found one of the re-directs going to a fake codec page advertising porn movies and the normal ‘No video player found.’
“What I got was a pop-up for a DreamMediaPlayerSetup.exe coming from prompt-zangocash.com.”
“Even just going to the main site URL will also give a type of fake scanning then tell you not to close the window until installation is complete.”
Sites on the same IP address all come under the same email user name, with two different aliases:
Andrej Zolotov jcc_parker @ yahoo.com
Dmitry Ivanov Private person jcc_parker @ yahoo.com
Our last blog entry, from April, about Zango being sold at fire-sale prices is here:
Thanks, Patrick
Tom Kelchner