Not me, you. A recent post in the Web App Security mailing list prompted me to take a look at my own logs and do a little bit of extra research. This NWF article talks about FunWebProducts and its rapid spread as spyware. One thing that I haven't seen mentioned yet is what I've noticed in my referer logs. The IP's with the spyware (18.104.22.168, 22.214.171.124, 126.96.36.199, and 188.8.131.52, in the last week) are all referers for www.locators.com.