Not me, you. A recent post in the Web App Security mailing list prompted me to take a look at my own logs and do a little bit of extra research. This NWF article talks about FunWebProducts and its rapid spread as spyware. One thing that I haven't seen mentioned yet is what I've noticed in my referer logs. The IP's with the spyware (126.96.36.199, 188.8.131.52, 184.108.40.206, and 220.127.116.11, in the last week) are all referers for www.locators.com.