FTC cracks down on spyware seller

RemoteSpy's vendor must make changes to its keylogging program to prevent the spyware from being installed without consent

The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling "100 percent undetectable" keylogging software.

Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else's computer.

[ Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Access InfoWorld from your iPhone or other mobile device at infoworldmobile.com. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]

To prevent its program from being used illegally, CyberSpy must make changes to it to prevent surreptitious installation, and "encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers," the FTC said in a statement.

"This is not a nice, linear curve moving out of the recession," Thompson said. Especially for SMBs, future conditions can be hard to predict, he said.

The FTC sued CyberSpy in November 2008 in an effort to get it to change its business practices.

CyberSpy used to advertise its product as a tool that let users "secretly and covertly monitor and record PC's without the need of physical access."

Today, it's billed as a tool that lets users spy on their own PCs -- in order to keep tabs on children or employees.

The company previously had provided detailed instructions on how to attach a RemoteSpy executable file to an email message, disguised as a photo or legitimate file attachment, the FTC said.

Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by email filters.

Spyware such as this can be a big headache for system administrators. In March, a surgical assistant named Scott Graham was sentenced to three years probation and ordered to pay $33,000 in restitution to an Akron, Ohio, hospital, after a spyware program that he'd sent to an employee's Yahoo email address was inadvertently installed on a computer in Akron Children's Hospital's pediatric cardiac surgery department.

The spyware product, called SpyAgent, captured about 1,000 screen shots containing confidential patient information and sent them to Graham, prosecutors said.

Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan.

Join the discussion
Be the first to comment on this article. Our Commenting Policies