Programmer Gives Up All The Money He Made Distributing Spyware

An affiliate Webmaster who used the allure of “free” music downloads to spread malicious computer code is settling Federal Trade Commission charges he violated federal law. The defendant, who was paid to distribute the code by the company that developed it, will give up all of his ill-gotten gains.

The order entered against Nicholas C. Albert permanently bars him from interfering with consumers’ computer use, including distributing software code that tracks consumers’ Internet activity or collects other personal information, changes their preferred homepage or other browser settings, inserts new toolbars onto their browsers, installs dialer programs, inserts advertising hyperlinks into third-party Web pages, or installs other advertising software. It also prohibits him from making false or misleading representations; prohibits him from distributing advertising software and spyware; and requires he perform substantial due diligence and monitoring if he is to participate in any affiliate program. Albert will also give up his ill-gotten gains – $3,300.

According to the FTC complaint, Albert engaged in deceptive practices when he bundled Enternet Media’s malware with “free” music made available to bloggers and others at his Web sites: iwebtunes.com and iwebmusic.com. Bloggers who selected a music file from Albert’s site also received a bundled piece of java script code that caused their blogs to display Enternet Media’s deceptive software installation boxes. Then, whenever a consumer landed on a blog that had downloaded files from Albert, the consumer would not only hear music, but would also see the pop-up.

The pop-ups purported to offer free browser upgrades or security upgrades. However, if a consumer downloaded the “upgrade” they automatically installed Enternet Media’s malicious code on their computer. The Commission alleged that the code interfered with the functioning of the computer, and was difficult for consumers to uninstall or remove. In addition, the code tracked consumers’ Internet activity, changed their home page settings, inserted new toolbars onto their browsers, inserted a large side “frame”or “window” onto browser windows that in turn displayed ads, and displayed pop-up ads, even when consumers’ Internet browsers were not activated.

The Commission vote to authorize staff to file the stipulated final order was 5-0. The stipulated final order for permanent injunction was filed in the U.S. District Court for the Central District of California.

The FTC’s case was brought with the assistance of the Microsoft Corporation, Webroot Software, Inc., and Google Incorporated.

NOTE: This stipulated final order is for settlement purposes only and does not constitute an admission by the defendant of a law violation. A stipulated final order requires approval by the court and has the force of law when signed by the judge.

Copies of the stipulated final order are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov/ftc/complaint.htm. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to thousands of civil and criminal law enforcement agencies in the U.S. and abroad.

(FTC File No. X05 0065)
(Civil Action No. CV SACV05-801 AHS (MGx))