Court Slams Door On Sale of Spyware 51
coondoggie writes "The Federal Trade Commission yesterday had a US District Court issue a temporary restraining order halting the sale of RemoteSpy keylogger spyware. According to the FTC's complaint, RemoteSpy spyware was sold to clients who would then secretly monitor unsuspecting consumers' computers. The defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email."
This is good. (Score:4, Insightful)
But it's stuff like this we're really after: http://en.wikipedia.org/wiki/MPack_(software) [wikipedia.org]. People who code professional-grade malware generally do so to profit off of it. It's well known that in the existing ecosystem of digital crime the malicious hackers themselves rarely act as attackers in large-scale id/credit card theft; instead they sell it to people who do. Quoting this extremely enlightening interview: http://www.securityfocus.com/news/11476 [securityfocus.com]
"The project is not so profitable compared to other activities on the Internet. It's just a business. While it makes income, we will work on it, and while we are interested in it, it will live. Of course, some of our customers make huge profits. So in some ways, MPack could be looked at as a brand-name establishment project."
This particular piece of spyware is amateur stuff, aimed at paranoid spouses/bosses, but if we can hit the business of selling spyware (probably requiring the cooperation of the international banking system, as well as the governments of china and russia) it would totally cripple large-scale internet crime as we know it. It's a pipe dream, of course. But one can always dream.
Re:but why? (Score:5, Insightful)
Other legal purposes (Score:1, Insightful)
Almost all software has legal use to some extent.
I am a small company owner. I have 5 employees and provide them with computers. I have told them that their computer use is monitored and bought this software to ensure I could perform that task. It does.
My computers are for my company to make money, not their personal use. No personal email. No day-trading. No on-line banking and definitely no gaming. Do that stuff on your own computer and own time. I've had to discipline employees for personal use before and expect to do it again. My rules matter.