Court Slams Door On Sale of Spyware

coondoggie writes "The Federal Trade Commission yesterday had a US District Court issue a temporary restraining order halting the sale of RemoteSpy keylogger spyware. According to the FTC's complaint, RemoteSpy spyware was sold to clients who would then secretly monitor unsuspecting consumers' computers. The defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email."

This is good.

[Surreal Puppet]

But it's stuff like this we're really after: http://en.wikipedia.org/wiki/MPack_(software) [wikipedia.org]. People who code professional-grade malware generally do so to profit off of it. It's well known that in the existing ecosystem of digital crime the malicious hackers themselves rarely act as attackers in large-scale id/credit card theft; instead they sell it to people who do. Quoting this extremely enlightening interview: http://www.securityfocus.com/news/11476 [securityfocus.com]

"The project is not so profitable compared to other activities on the Internet. It's just a business. While it makes income, we will work on it, and while we are interested in it, it will live. Of course, some of our customers make huge profits. So in some ways, MPack could be looked at as a brand-name establishment project."

This particular piece of spyware is amateur stuff, aimed at paranoid spouses/bosses, but if we can hit the business of selling spyware (probably requiring the cooperation of the international banking system, as well as the governments of china and russia) it would totally cripple large-scale internet crime as we know it. It's a pipe dream, of course. But one can always dream.

Re:but why?

[pseudonomous]

Ultimately, hopefully, the issue which will get the defendants in trouble will not be that they sold the keylogger software OR that they provided tutorials on how to trojan it into unwitting victims computers, but rather that THEY stored illegally obtained software on THIER server. Otherwise, this sets a dangerous precident where someone decides that software which potentially has valid uses, is declared illegal. (It's convoluted but you can imagine a case where someone might have a legitimate use for using keylogger software) It's like the whole "right to bear arms thing", just becuase someone shoots his neighbor doesn't mean guns should be illegal. (they should be, IMO, but this isn't the reason)

Other legal purposes

[Anonymous Coward]

Almost all software has legal use to some extent.
I am a small company owner. I have 5 employees and provide them with computers. I have told them that their computer use is monitored and bought this software to ensure I could perform that task. It does.

My computers are for my company to make money, not their personal use. No personal email. No day-trading. No on-line banking and definitely no gaming. Do that stuff on your own computer and own time. I've had to discipline employees for personal use before and expect to do it again. My rules matter.