Not me, you. A recent post in the Web App Security mailing list prompted me to take a look at my own logs and do a little bit of extra research. This NWF article talks about FunWebProducts and its rapid spread as spyware. One thing that I haven't seen mentioned yet is what I've noticed in my referer logs. The IP's with the spyware (188.8.131.52, 184.108.40.206, 220.127.116.11, and 18.104.22.168, in the last week) are all referers for www.locators.com.