FTC Spyware Settlement: RemoteSpy

It’s been a busy few weeks in terms of cyber justice.

Just last week, news broke that three men were indicted in connection with an online fraud operation that sold $100 million in rogue anti-virus software to victims in over 60 countries.

What’s this week’s cyber news from the courts? The U.S. Federal Trade Commission (FTC) has announced that it has “put the brakes on the business practices of an operation that was selling spyware and showing customers how to remotely install it on other people’s computers without their knowledge or consent.”

CyberSpy Software, LLC and its owner, Tracer R. Spence, the sellers of “RemoteSpy” keylogger software, have settled FTC charges with an order that bars them from advertising that the spyware can be disguised and installed on someone else’s computer without the owner’s knowledge; notice must be provided that the program has been downloaded, and the computer’s owner must give consent prior to installation.

The settlement comes two years after the FTC filed a preliminary injunction against CyberSpy, alleging that they were violating the law by advertising and selling RemoteSpy, marketing it as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” According to the FTC, “the defendants provided their clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an e-mail. When the e-mail recipient clicked on the attachment, the RemoteSpy program was downloaded and installed without the victim’s knowledge.” The spyware was then able to record every keystroke typed on the victim’s computer, log chat conversations, capture screenshots, access passwords, and record website history. RemoteSpy “clients” were able to access harvested information by logging in to a website maintained by CyberSpy.

What does this mean for the future of this spyware software? Per a PC World article: RemoteSpy is now “billed as a tool that lets users spy on their own PCs -- in order to keep tabs on children or employees”; instead of detailed, covert installation instructions, “Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by e-mail filters.”

For more information, read the full FTC news release.