ztango / edgesuite

[Frank]

Hello,

Does anyone know why some of my (small office) PCs would be accessing this
website from time to time.

content.ztango.com.edgesuite.net

Seems to have started fairly recently.

Is there any way to tell what kind of information is being sent or requested
in this type of thing?

Frank

 

[Wesley Vogel]

Windows Media Player.

This was all that I could find that made any sense. Ignore the Mac
references...

[["The new iMac, like the old, is virus-free, spyware-free......"

If ANYONE out there is using WMP for Mac to play WMV's you are indeed using
a piece of spyware. That piece of shit connects to AT LEAST 15 different web
sites and passes along statistical information as well as Wal Mart
immediately putting cookies on your system to track what your music/movie
prefs are for marketing purposes. THIS IS AN INDISPUTABLE FACT! I would more
catagorize it as marketing-ware, but it is an invasion of my privacy as far
as I'm concerned.

Here are just a FEW things I have logged:

COOKIE: serviceswitching.metaservices.microsoft.com
COOKIE: swapstart.walmart.com
COOKIE: img.wmp10.elsitiodc.com
COOKIE: images.live365.com
COOKIE: downloads.walmart.com

SITE CONNECTION: music.msn.com
SITE CONNECTION: dl.images.musicnet.com
SITE CONNECTION: wmp.audible.com
SITE CONNECTION: mlb.mlb.com
SITE CONNECTION: wmpinc.real.com
SITE CONNECTION: music.gettvcast.com
SITE CONNECTION: content.ztango.com.edgesuite.net

And more - quite a few more actually.

What is interesting to note is that the file that I played was a file that I
had PREVIOUSLY SAVED ON MY HARD DRIVE! I just happened to be connected to
the internet when I played it. It did not need to connect to ANY of these
sites to get content. If I block WMP from any access to the internet, it
still plays fine so IT DOES NOT NEED TO CONNECT TO THESE SITES TO PLAY THE
FILE.

MY CONCLUSION: WMP is a piece of spyware - if you are running it on your Mac
you are infected.

I am not trying to burst any bubbles here, but programs can and do "phone
home". This may be necessary for an automatic update or something of that
nature, but anything else is an invasion of my privacy as far as I'm
concerned.

MacDude was pointing out the same thing when LittleSnitch alerted him that
the dock and his contact list/book was "phoning home". Possibly for an
update? I dunno.

We Mac users have 99.9% less to worry about in this area, but are not
impervious. No viruses - ture. No spyware - I would have to debate this
issue because even something as simple as a tracking cookie is spyware in my
book. If you clean your cache after every session it helps, but if you get a
cookie from cgi-bin or ehg.hitbox.com while you are on the net, you are in
essence being "tracked". Cookies are not always benign little text files
that a site puts in your cache. Some of them are tracking cookies and to me
that is spyware..........]]
http://macdailynews.com/index.php/weblog/comments/8342/

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Wesley Vogel]

Windows Media Player.

This was all that I could find that made any sense. Ignore the Mac
references...

[["The new iMac, like the old, is virus-free, spyware-free......"

If ANYONE out there is using WMP for Mac to play WMV's you are indeed using
a piece of spyware. That piece of shit connects to AT LEAST 15 different web
sites and passes along statistical information as well as Wal Mart
immediately putting cookies on your system to track what your music/movie
prefs are for marketing purposes. THIS IS AN INDISPUTABLE FACT! I would more
catagorize it as marketing-ware, but it is an invasion of my privacy as far
as I'm concerned.

Here are just a FEW things I have logged:

COOKIE: serviceswitching.metaservices.microsoft.com
COOKIE: swapstart.walmart.com
COOKIE: img.wmp10.elsitiodc.com
COOKIE: images.live365.com
COOKIE: downloads.walmart.com

SITE CONNECTION: music.msn.com
SITE CONNECTION: dl.images.musicnet.com
SITE CONNECTION: wmp.audible.com
SITE CONNECTION: mlb.mlb.com
SITE CONNECTION: wmpinc.real.com
SITE CONNECTION: music.gettvcast.com
SITE CONNECTION: content.ztango.com.edgesuite.net

And more - quite a few more actually.

What is interesting to note is that the file that I played was a file that I
had PREVIOUSLY SAVED ON MY HARD DRIVE! I just happened to be connected to
the internet when I played it. It did not need to connect to ANY of these
sites to get content. If I block WMP from any access to the internet, it
still plays fine so IT DOES NOT NEED TO CONNECT TO THESE SITES TO PLAY THE
FILE.

MY CONCLUSION: WMP is a piece of spyware - if you are running it on your Mac
you are infected.

I am not trying to burst any bubbles here, but programs can and do "phone
home". This may be necessary for an automatic update or something of that
nature, but anything else is an invasion of my privacy as far as I'm
concerned.

MacDude was pointing out the same thing when LittleSnitch alerted him that
the dock and his contact list/book was "phoning home". Possibly for an
update? I dunno.

We Mac users have 99.9% less to worry about in this area, but are not
impervious. No viruses - ture. No spyware - I would have to debate this
issue because even something as simple as a tracking cookie is spyware in my
book. If you clean your cache after every session it helps, but if you get a
cookie from cgi-bin or ehg.hitbox.com while you are on the net, you are in
essence being "tracked". Cookies are not always benign little text files
that a site puts in your cache. Some of them are tracking cookies and to me
that is spyware..........]]
http://macdailynews.com/index.php/weblog/comments/8342/

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User


In

 

[David H. Lipman]

From: "Frank" <[email protected]>

| Hello,
|
| Does anyone know why some of my (small office) PCs would be accessing this
| website from time to time.
|
| content.ztango.com.edgesuite.net
|
| Seems to have started fairly recently.
|
| Is there any way to tell what kind of information is being sent or requested
| in this type of thing?
|
| Frank
|



If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *