Court orders company to stop selling spyware

Filed Under: Data loss, Law & order

Florida-based software company CyberSpy Software has been ordered by a US district court to stop selling its RemoteSpy keylogging spyware program.

According to the Federal Trade Commission, CyberSpy gave customers detailed instructions on "how to disguise their spying program as an innocuous file, such as a photo, attached to an email."

It is claimed that when innocent internet users clicked on the disguised file, the spyware would install itself silently onto the victims' computer, monitoring every keystroke, email and instant message, and making a record of every website visited.

The RemoteSpy software secretly monitors computer activity

Data gathered by RemoteSpy was uploaded to a server run by the CyberSpy company, and made available to customers via a password-protected website.

The RemoteSpy and CyberSpy websites appear to be currently offline (presumably at the court's request) but I managed to find an archived version for the screenshot above.

CyberSpy is far from the only company to work in this apparent "grey" area between legitimate and illegitimate software. Such products typically promote themselves as a way for wives to spy on philandering husbands, or for concerned parents to keep an eye on what their babysitter is up to, rather than more traditional identity theft - but it's clear that they can be used with a wide variety of motives.

The FTC will be trying to prove that because the RemoteSpy software was installed onto computers without the informed consent of the PC's owner, and used to secretly steal personal data, that it was in breach of the law. If the FTC is successful in their fight against CyberSpy it could send a warning shot to other vendors selling "legitimate" spyware.

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.