evil cheatgenius / zango.com content trap
Unknowing users might be tricked into installing potentially malicious and definitely privacy invading software on their computers, in order to view free ‘premium content‘.
At least, that is what the people at cheatgenius.co.uk and their partner zango.com are up to, or so it seems to me. (And I tend to have a very good nose for those things – but you don’t have to take my word for it).
In the beginning, there was me, and I was surfing for a cheat (yeah, sometimes I am lame) for the new C&C 3 demo. I ended up on cheatgenius, and immediately I got the pop-up/layer you see in the upper right corner of this post. Basically they want you to install a ‘toolbar’ which will serve you adds, and works as an interface to a search engine, which will allow you to see the premium content on cheatgenius for free.
First of all, all content on that site is supposedly ‘premium’ since every darn page gives me that annoying pop-up/layer. (that is something that ticks me off like you wouldn’t believe).
So, I smelled something I really don’t like, so I investigated further, without installing that software off course. (I am not completely insane you know).
So, why do I take such offence to this? Well, first off all, the company who makes the software, used to be known as 180solutions. This company has been severely reprimanded and sued and it’s own EULA states that the use of that software ‘may’ be illegal in Alaska.
Some (including Zango.com) may argue that the company has made a deal with the FTC, and cleaned up it’s act. I don’t buy that for a minute. If they would truly have cleaned up, their software wouldn’t be (possibly) illegal in Alaska, and a little while ago, Kaspersky Labs won a lawsuit Zango had filed against them, because the Judge agreed with the defendant that it was free to block and screen based on the Communications Decency Act. Therefore admitting that Zango’s software is indeed, indecent.
Another reason I find the software and even EULA itself malicious is because the EULA grants the software and Zango.com the explicit right to update and change the workings of the software. To quote the EULA:
7. Updates. Zango, in its sole discretion, may provide you with Updates to the Zango Software as part of this Agreement. The Zango Software will automatically check with Zango for the existence of any Update that Zango has released, and in the event that one is available, the Zango Software will update itself automatically. Nothing herein shall be construed or interpreted as requiring that Zango provide Updates. Zango will not install any new software or Update that in our reasonable judgment has functionality that is materially different from the functionality of the previously installed Zango Software without your prior consent.
That about says it all. As soon as you installed their software, to view the so-called ‘premium content’ (which, in the case of cheatgenius.co.uk can be seen at many other sources without needing any software), they can do with you computer what they want, when they want it. Now, I’m not saying they actually do evil things the moment they have their software on your computer, but I am saying they can. And their track-record doesn’t really show much promise. The fact that they explicitly deny they will do such a thing is more proof then anything, since most companies like that have been known to change their EULA in a blink of an eye, and then suddenly, they can do whatever they want without breaking the EULA and their agreement with you. (One of the oldest tricks in the book really).
I am not against advertising. Advertising drives a lot of good sites I frequent, and most of them show no or little tainting in their content to please (potential) advertisers. I am against feeding innocent and unknowing users potentially dangerous software, which could possibly be used by an attacker to install back doors and Trojans. Sites have a right to put advertising on their websites, because they have to eat too. But it can be done in an ethical way, which doesn’t tamper with their visitors rights. Above all a site has the duty to protect its visitors against malicious activities resulting from visiting their website. The construction Cheatgenius.co.uk and Zango.com have is, in my opinion, quite the opposite.
So, people browsing the internet: please beware, and don’t install toolbars and other stuff, unless you know for a fact that there is no danger to you. In the end you are responsible for the things that take place on your computer, and through your internet connection, and therefore you have an obligation to take care of securing both. If you don’t know how to: ask friends or family, and there are plenty of companies willing to help for a modest fee.