The Federal Trade Commission (FTC) has announced a settlement that bars an Orlando, Fla.-based company from marketing a spyware product as undetectable.
Under the settlement’s terms, the result of a 2008 lawsuit filed by the FTC, CyberSpy Software is prohibited from “advertising that [its RemoteSpy keystroke logger] can be disguised and installed on someone’s else’s computer without the owner’s knowledge.”
The software must gain the approval of the computer owner before it can be installed, according to the settlement, announced Wednesday.
The FTC’s complaint had stated that CyberSpy Software promoted the program as a “100 percent undetectable” way to spy on others. According to court documents, CyberSpy provided its clients with detailed instructions of how to disguise the spyware as an innocuous file, such as a photo attached to an email. When the victims clicked on the disguised file, the keylogger spyware installed itself without the victims’ knowledge and recorded every keystroke typed, including passwords.
The FTC complaint also said that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients.
Buyers no longer can receive instructions of how to masquerade the software as a seemingly legitimate attachment, according to the settlement. Customers also must be told that improper use of the software can result in state or federal penalties.
In addition, the company must remove any legacy versions of the software that already have been installed, ensure data transmitted over the web is encrypted and inform affiliates of the new rules, the FTC said.
Clegg Ivey, general counsel for CyberSpy Software, said he was pleased with the settlement, which did not contain any fines or shutdown requirements.
The company now promotes the RemoteSpy product as “perfect for those who wish to monitor their computer while away and view the logs online,” according to its website.
“[W]e’ve added some splash screens and pop-up notices, both during the purchase process and during install, that remind people that they should only monitor computers they own or have permission to monitor,” Ivey said.