Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet Government The Courts News Your Rights Online

Court Slams Door On Sale of Spyware 51

coondoggie writes "The Federal Trade Commission yesterday had a US District Court issue a temporary restraining order halting the sale of RemoteSpy keylogger spyware. According to the FTC's complaint, RemoteSpy spyware was sold to clients who would then secretly monitor unsuspecting consumers' computers. The defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email."
This discussion has been archived. No new comments can be posted.

Court Slams Door On Sale of Spyware

Comments Filter:
  • Back Orifice [wikipedia.org] anyone?

    Bane of ICQ 98b users everywhere!
  • As much as the FTC deserves an "A" for effort, however, the timeline of the case is an excellent example of how poorly equipped the government is when it comes to addressing this type of problem. The brief states that RemoteSpy has been available since "at least August 2005.

    It hardly seems worth the effort if this time frame is typical. You'd hope any spyware scanner worth using would have picked it up 20x faster.

    • by MrNaz ( 730548 ) *

      To have had a greater effect, the court should have ordered that their hands be held in the door when it was being slammed.

    • You'd hope any spyware scanner worth using would have picked it up 20x faster.

      Not all anti-virus and malware scanners will include commercial products in their database.

      • You'd hope any spyware scanner worth using would have picked it up 20x faster.

        Not all anti-virus and malware scanners will include commercial products in their database.

        Unless of course the commercial product in question is a Windows system file...

  • This is good. (Score:4, Insightful)

    by Surreal Puppet ( 1408635 ) on Wednesday November 19, 2008 @01:16AM (#25813861) Journal

    But it's stuff like this we're really after: http://en.wikipedia.org/wiki/MPack_(software) [wikipedia.org]. People who code professional-grade malware generally do so to profit off of it. It's well known that in the existing ecosystem of digital crime the malicious hackers themselves rarely act as attackers in large-scale id/credit card theft; instead they sell it to people who do. Quoting this extremely enlightening interview: http://www.securityfocus.com/news/11476 [securityfocus.com]

    "The project is not so profitable compared to other activities on the Internet. It's just a business. While it makes income, we will work on it, and while we are interested in it, it will live. Of course, some of our customers make huge profits. So in some ways, MPack could be looked at as a brand-name establishment project."

    This particular piece of spyware is amateur stuff, aimed at paranoid spouses/bosses, but if we can hit the business of selling spyware (probably requiring the cooperation of the international banking system, as well as the governments of china and russia) it would totally cripple large-scale internet crime as we know it. It's a pipe dream, of course. But one can always dream.

    • "...if we can hit the business of selling spyware (probably requiring the cooperation of the international banking system, as well as the governments of china and russia) it would totally cripple large-scale internet crime as we know it. It's a pipe dream, of course. But one can always dream."

      I don't want to rob you of your dreams (or take away your pipe :), but the road to software hell is paved with legal definitions of the term "spyware".
      • I totally meant to type "malware", but my head is muddled from a sleepless night. Spyware is of course only a part of the problem.

        • Re: (Score:3, Informative)

          by TapeCutter ( 624760 )
          Ok, so "spyware" is a type of "malware", so define "malware"? - Can you see where I am going? - What is the magic algorithim that determines if an application is "malware"?
          • The thing with spyware is that it's included in legitimate apps, typically, and the user has to click through an EULA. Also, all software sold with the intended purpouse of large-scale crime have to be explicitly designed for the fraud in question (code for capturing credit card numbers and passwords from browser sessions/committing various forms of DDOS attacks for example.) The purpose of the software is obvious from it's construction (which conveniently also sets it apart from how commercial pen testing

          • It's the use to which it's put.

            Consider by analogy a crowbar. It could be used to force open someone's window or someone's head, both illegal; but it could also be used to pry off the hubcap of one's own car, an operation legal in most jurisdictions.

            Let's see, legal ethical use of spyware... Hmm, that's a tough one for a civil libertarian. Logging your underage kid's IRC sessions in case you later need to find out where she's run off to meet her 40 year old "friend"?

          • What is the magic algorithm that determines of a freedom fighter is a terrorist?

            Anyway, if you are really interesting in learning people are trying to come up with useful definitions that allow us to make the internet safer: http://www.antispywarecoalition.org/documents/definitions.htm [antispywarecoalition.org]

            Labeling software correctly, ie: letting consumers make their own decisions, means we don't need the legal system to get involved except where stuff is fraudulently mislabeled.

            You want to write malware, fin

    • Re: (Score:3, Interesting)

      by BountyX ( 1227176 )
      Credit card numbers are sold for 15$ a pop on irc. Social security numbers can run from 2-10 bucks. Now imagine stealing a backup tape with 15 million records...
  • If the television show Cheaters is ok, then surely this should be ok.
  • by Anonymous Coward

    Almost all software has legal use to some extent.
    I am a small company owner. I have 5 employees and provide them with computers. I have told them that their computer use is monitored and bought this software to ensure I could perform that task. It does.

    My computers are for my company to make money, not their personal use. No personal email. No day-trading. No on-line banking and definitely no gaming. Do that stuff on your own computer and own time. I've had to discipline employees for personal use before

    • Well, your rules don't /matter/, but I see your point.

    • Right, and I don't think the sale of this should be blocked. On the other hand, I think these clowns should be prosecuted for knowingly and willingly aiding and abetting any number of felonies, and most of their customers should be prosecuted as well. This is a program primarily used for criminal purposes and those criminal acts should be prosecuted.
  • Time for OSS to step up to the plate and make a GPL equivalent!

  • I consider myself a moderate libertarian. This is why it's only "moderate". I honestly do think this kind of software should be illegal; in fact I thought it WAS. In my opinion, no one has a legitimate reason to spy on someone else's computing habits, parents included. If you break down privacy you break down society, there's things you just don't want to know about other people, and said other people just as much do not want you to know about them.

    And please, don't compare this to gun rights. Guns as self
  • How easy is it to detect and/or delete keylogger software? Does anyone know if the popular anti-virus software out there will detect it?
  • Does this mean that companies which develop keylogging software for law enforcement use are breaking the law? No? Didn't think so.

    It shouldn't be illegal to write this kind of software, but it should be illegal to install it without either the owner's consent or a proper warrant.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...