Zango denies Storm worm conspiracy theories

According to an entry in the Trend Micro research blog, the company's security researchers discovered a variant of the Storm worm week of 12th May that they believed was installing Zango adware. Following discussions with the developers of the Storm worm, Zango has denied any association.

A blog entry by the researchers says that Trend Micro noticed Zango-related code, including a file named zango.php, being distributed among known Storm proxies. Trend initially thought that the Storm worm was distributing Zango adware to infected computers.

After contacting and working with the developers of the Storm worm, Zango has denied the allegation. The adware company wrote in its blog, "We have no explicit knowledge of Storm pushing Zango adware." The ad company, which used to trade under the name of 180solutions and later merged with Hotbar to form Zango, has not always been quite so ethical in the past, resorting to measures such as making it difficult to remove its adware once it was installed and suing – even if unsuccessfully – antivirus and anti-spyware manufacturer who classified Zango software as malicious.

Even Axel Eckelberry of Sunbelt Software has warned against blaming Zango. "We have a really hard time believing that Zango would knowingly work with distributors of Storm. While there's no love between us, they're not complete idiots, and they know that if they got caught they'd be in serious trouble with the FTC," writes Eckelberry in the Sunbelt blog.

Trend Micro has since updated its blog entry. It appears that the Storm worm developers are targeting machines that already have Zango software installed, and are not distributing the adware. They are probably exploiting a vulnerability in the Zango adware itself.

See also:

• Storm Puppet Masters Pushing Zango Software?, Entry in the Trend Micro blog
• Trend Micro Blog Entry -- UPDATE, statement by Zango
• Zango and Storm?, Entry by Alex Eckelberry in the Sunbelt blog

(mba)