FTC Files Complaint Against Alleged Spyware Distributor

Moving to shut down alleged purveyors of spyware before a slew of legislation aimed at curbing the practice can become law, the Federal Trade Commission (FTC) has targeted a New Hampshire man it says ran a spyware and pop-up advertising ring.

The FTC filed a complaint in federal court in New Hampshire against Sanford Wallace and two of his companies — Seismic Entertainment Products and Pennsylvania-based SmartBot.Net. It seeks an injunction to shut down the alleged spyware operation and restitution of “ill-gotten gains” to consumers.

The agency said it believes the companies induced computer users to buy its spyware-eradication software, sold for US$30 and bearing names such as Spy Wiper and Spy Deleter, after first infecting those same users with spyware and pop-up-generating software.

The spyware was allegedly installed on users’ computers without their knowledge when they visited one of the Web sites the companies’ control starting late in 2003.

Innocence Proclaimed

In a statement posted to his Web site, Wallace said he would cooperate with the FTC investigation, but claims that he never received “a penny directly from any Internet consumers” and never developed any spyware.

“Our role is that of a webmaster/webserver and involvement with strategic optimization to achieve greatest profitability,” he wrote. “The only income we derive is from providing these services for other companies. Our services are consistent with those of most webmasters/webservers. If in fact it is found that any of our methods are in violation of any current laws, we will immediately cease such activities.”

The FTC said in its complaint that the spyware and adware were installed through a security flaw in Internet Explorer.

Playing Catch Up

Yankee Group analyst Eric Ogren said raising awareness of spyware is the most important part of the overall push to squelch it, even ahead of legislation and enforcement.

He noted that one survey done earlier this year found that more than 90 percent of broadband users had at least one spyware program on their machines — and that 90 percent of those were not aware of it.

“Antivirus firms have only just begun to target it and develop products for it,” Ogren told the E-Commerce Times. “The best thing that spyware had going for it was that it was invisible to most people. Once they become aware of it, they can take steps to stop it, and that will be the most powerful tool to stop it.”

Ogren said one reason for the new focus on spyware is that some security experts see the malware being modified to pack more punch. Instead of tracking user movements or popping up ads at strategic times, for instance, newer versions have included sniffer programs that track keystrokes and virus code that can give a hacker remote control of a computer.

Protecting Consumers

The FTC complaint apparently stems directly from one filed with the agency by the Center for Democracy and Technology (CDT) in May of this year, which detailed the connections among a number of Web companies tied to spyware distribution.

The CDT complaint seems to anticipate Wallace’s claims of innocence, saying that if he knew or should have known about the actions of the sites he affiliated with, he can be held responsible for those partners’ actions.

Ari Schwartz, associate director of the Center for Technology and Democracy, said the FTC is using existing authority to protect consumers online, but that additional power to protect individual privacy online would help it fight spyware and other online scourges.

The FTC has an important role in this issue,” Schwartz said. He added that the agency can intervene because of the business relationships involved in the Web hosting industry. The agency “needs to lay the groundwork for enforcement of existing privacy laws and hopefully position itself to enforce stronger regulations in the future.”