FTC cracks down on spyware seller

The vendor of RemoteSpy must make changes to prevent its spyware from being installed without consent

The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling "100 percent undetectable" keylogging software.

Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else's computer.

To prevent its program from being used illegally, CyberSpy must make changes to it to prevent surreptitious installation, and "encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers," the FTC said in a statement.

The FTC sued CyberSpy in November 2008 in an effort to get it to change its business practices.

CyberSpy used to advertise its product as a tool that let users "secretly and covertly monitor and record PC's without the need of physical access."

Today, it's billed as a tool that lets users spy on their own PCs -- in order to keep tabs on children or employees.

The company previously had provided detailed instructions on how to attach a RemoteSpy executable file to an e-mail message, disguised as a photo or legitimate file attachment, the FTC said.

Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by e-mail filters.

Spyware such as this can be a big headache for system administrators. In March, a surgical assistant named Scott Graham was sentenced to three years probation and ordered to pay US$33,000 in restitution to an Akron, Ohio, hospital, after a spyware program that he'd sent to an employee's Yahoo e-mail address was inadvertently installed on a computer in Akron Children's Hospital's pediatric cardiac surgery department.

The spyware product, called SpyAgent, captured about 1,000 screen shots containing confidential patient information and sent them to Graham, prosecutors said.

Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: http://twitter.com/bobmcmillan.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies