US court halts spyware operations

Out-Law News | 09 May 2006 | 12:19 pm | 2 min. read

An operation that deceptively downloaded spyware onto unsuspecting web users' computers, changing their settings and hijacking their search engines, has been halted by a federal court and ordered to give up more than $4 million in ill-gotten gains.

The case was brought by the Federal Trade Commission. The court also ordered a halt to another spyware operator’s stealthy downloads and barred the collection of consumers’ personal information, pending trial.

The FTC sued both operations charging that the stealthy downloads of spyware were unfair and deceptive and violated federal law. Although the companies used different techniques to direct consumers to their websites and implement the downloads, the FTC alleged that both operations hijacked consumers’ computers without the consumers’ knowledge or approval, secretly changed their settings, and barraged consumers with pop-up ads. The spyware and other software the defendants installed caused many computers to malfunction, slow down, or crash, causing consumers to lose data stored on their computers.

The FTC alleged that Sanford Wallace and his company, Smartbot.Net, exploited a security vulnerability in Internet Explorer to distribute spyware. The spyware caused the CD tray on computers to open and then issued a “FINAL WARNING!!” to computer screens with a message that said, “If your cd-rom drive’s open … You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!” Spy Wiper and Spy Deleter, purported anti-spyware products the defendants promoted, sold for $30.

A default judgment against Wallace and Smartbot.Net orders them to give up $4,089,500 in ill-gotten gains. The order also bars them from downloading spyware onto consumers’ computers; from downloading any software without consumers’ consent; from redirecting consumers’ computers to sites or servers other than those the consumers selected to visit; from changing any web browser’s default home page; and from modifying or replacing the search features or functions of any search engine.

A settlement with defendants OptinTrade and Jared Lansky, bars the same practices. Lansky, an ad broker who disseminated ads containing Wallace’s spyware, will give up $227,000 in ill-gotten gains.

In a second case, the FTC charged that Odysseus Marketing and its principal, Walter Rines, lured consumers to their website by advertising bogus software they claimed would allow consumers to engage in anonymous peer-to-peer file sharing.

According to the FTC, the spyware and other software bundled with it hijacked search engines and reformatted search engine results, placing Rines’ clients first. The FTC recently amended its complaint, charging that the defendants also distributed their spyware by exploiting security vulnerabilities in Internet Explorer and other applications, and that the defendants’ spyware captured consumers’ personal information, including their names, addresses, email addresses, telephone numbers, internet browsing and shopping history, and information about their online transactions. Once captured, the amended complaint alleges, the information was transmitted to the defendants’ internet servers, where they compiled the information into a database in order to sell access to the data.

A revised preliminary injunction has been issued against Odysseus and Rines. It bars them from downloading spyware without consumers’ consent, and from disclosing, using, or further obtaining consumers’ personal information, pending trial. The FTC will ask the court to order a permanent halt to their activities and order them to give up their ill-gotten gains.