Nonconsensual 180 Installations Continue


On Friday morning (February 17), I received a nonconsensual installation of 180solutions Zango software through a security exploit. I was browsing an ordinary commercial web site, when I got a popup from exitexchange.com (a major US ad network, with headquarters in Portland, Oregon) . The popup sent me to a third-party's web site. (I'll call that third party "X" for convenience.)

Then X ran a series of exploits to take control of my test PC, including using the widely-reported WMF exploit uncovered last month. Once X took control of my PC, X caused my computer to install and run 180solutions Zango software, among a dozen other programs. Notably, X fully installed 180's Zango without me taking any action whatsoever -- without me clicking "I agree," "Yes," "Finish," or any other button of any kind. X installed 180's Zango despite 180's new "S3" protections, intended to block these nonconsensual installations.

Most aspects of this installation are remarkably standard. "Adware" installations through security exploits are all too common. And it's not that unusual to see traffic flowing through an ad network even a big US ad network.

But what's newsworthy here is that 180solutions got installed, even though 180 last year told the world that these nonconsensual installations were impossible. Nonconsensual 180 Installations Continue, Despite 180's "S3" Screen

Linked by shanmuga Monday, 20th February 2006 6:26AM