Results 1 to 7 of 7
  1. #1
    Newbie
    Join Date
    January 18th, 2005
    Posts
    3
    Hey guys.

    I have a few questions regarding Zango and all of the famous 180solutions crap.

    1. Is there any technical information on Zango functionality anywhere? Apart from the fact that it is a memory resident software that pulls out popups based on user's search queries.

    2.Does it communicate with the 180solutions servers?

    2a.If it does, did anyone analyze the packets sent?

    3.Does it form unique identifiers?

    3a.If so, where are they stored? (I dont think they are simply tracking click throughs by originating IP)

  2. #2
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    WOW!! Some pretty deep questions for a first post from someone eh?
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  3. #3
    Newbie
    Join Date
    January 18th, 2005
    Posts
    3
    Thanks, I'll take that as a compliment

    Regarding my questions, I have read Edelman's research but it's incomplete for my purposes. Rather it lacks the client side functionality description.

    Thanks in advance.

    P.S. I dont have any of my test machines available yet for voluntary infection, so if anyone could provide assembly list from the decompiled executable I would appreciate it greatly. Anything will do, usuall diss. dump or SoftIce, windasm or ida listings.
    All this doesnt apply of course if Zango/n_case is packed with something nasty.

  4. #4
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    For the answers you want I would think it best to get ahold of Ben himself or maybe Ms.B might know.
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  5. #5
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Not sure why you want to know all of this but:

    1. Not sure if anything is available, depends on what technical information you are wanting.

    2. Yes

    2a. Yes

    3. It assigns a unique identifier to each install if that's what you mean.

    3a. Not sure where you mean by stored? There are no click thrus at all with their software. That's one of the points.

    I do not decompile executables and question that such should be asked for here.

  6. #6
    Newbie
    Join Date
    January 18th, 2005
    Posts
    3
    What I mean by stored:

    During/after install once the UID was generated (based on login ,computer name, domain or whatever they use to generate the UID) it has to be stored somewhere either in windows registry or some sort of configuration file. I was simply wondering where such UID can be located, providing anyone dug in that deep.

    As for dissasembling; ZANGO/nCase are typical lawless parasites and there are ways to aggressively fight such infections. I dont see any harm at that, especially since best form of defense is attack.

    P.S. From first look Zango is nothing more than a user-agree interface to install good old n-Case.

    Upon installing Zango, it attempts to download a zangoinstaller.cab which contains 3 files. ZangoLib.dll ZangoInstaller.dll and Zango.inf
    Upon checking out Zango.dll guess what: it riderects of course to download something from

    http://bis.180solutions.com/VersionC...?did=zango.exe

    Guess what it is?
    /new_ver=5.11 /new_ver_url=http://bis.180solutions.com/downloads/5.11/msbb.exe /new_ver_sz=278528 /new_ver_sig={...}

    Yes, good old nCase. Version 5.11 of msbb.exe which does the usual tricks probably.
    I am going to work more on msbb.exe to see if it has any new "features". So far looks the same though.

  7. #7
    Full Member
    Join Date
    January 18th, 2005
    Posts
    469
    As to question 3a: As I recall, 180's unique UID is stored in the registry.

  8. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Zango shuts down!
    By Catwoman in forum Midnight Cafe'
    Replies: 1
    Last Post: April 23rd, 2009, 09:32 PM
  2. TRUSTe and Zango
    By Angel Djambazov in forum Suspicious Activity!
    Replies: 5
    Last Post: February 20th, 2007, 09:45 AM
  3. Zango removal
    By Catwoman in forum Suspicious Activity!
    Replies: 2
    Last Post: October 11th, 2006, 10:51 PM
  4. Zango
    By Kellie aka Ms. B in forum Suspicious Activity!
    Replies: 6
    Last Post: April 1st, 2004, 05:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •