Court Halts Spyware Operations

An operation that deceptively downloaded spyware onto unsuspecting consumers’ computers, changing their settings and hijacking their search engines, has been halted by a federal court at the request of the Federal Trade Commission. The judge has ordered the operators to give up to more than $4 million in ill-gotten gains. The court also ordered a halt to another spyware operator’s stealthy downloads and barred the collection of consumers’ personal information, pending trial.

The FTC sued both operations charging that the stealthy downloads of spyware were unfair and deceptive and violated federal law. Although the companies used different techniques to direct consumers to their Web sites and implement the downloads, the FTC alleged that both operations hijacked consumers’ computers without the consumers’ knowledge or approval, secretly changed their settings, and barraged consumers with pop-up ads. The spyware and other software the defendants installed caused many computers to malfunction, slow down, or crash, causing consumers to lose data stored on their computers.

The FTC alleged that Sanford Wallace and his company, Smartbot.Net, exploited a security vulnerability in Microsoft’s Internet Explorer’s Web browser in order to distribute spyware. The spyware caused the CD-ROM tray on computers to open and then issued a “FINAL WARNING!!” to computer screens with a message that said, “If your cd-rom drive’s open . . .You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!” Spy Wiper and Spy Deleter, purported anti-spyware products the defendants promoted, sold for $30.

A default judgment against Wallace and Smartbot.Net orders them to give up $4,089,500 in ill-gotten gains. The order also bars them from downloading spyware onto consumers’ computers; from downloading any software without consumers’ consent; from redirecting consumers’ computers to sites or servers other than those the consumers selected to visit; from changing any Web browser’s default home page; and from modifying or replacing the search features or functions of any search engine. A settlement with defendants OptinTrade and Jared Lansky, bars the same practices that are barred in the Wallace and Smartbot.Net judgment. Lansky, an ad broker who disseminated ads containing Wallace’s spyware, will give up $227,000 in ill-gotten gains.

In a second case, the FTC charged that Odysseus Marketing and its principal, Walter Rines, lured consumers to their Web site by advertising bogus software they claimed would allow consumers to engage in anonymous peer-to-peer file sharing. According to the FTC, the spyware and other software bundled with it hijacked search engines and reformatted search engine results, placing Rines’ clients first. The FTC recently amended its complaint, charging that the defendants also distributed their spyware by exploiting security vulnerabilities in Internet Explorer and other applications, and that the defendants’ spyware captured consumers’ personal information, including their names, addresses, e-mail addresses, telephone numbers, Internet browsing and shopping history, and information about their online transactions. Once captured, the amended complaint alleges, the information was transmitted to defendants’ Internet servers, where they compiled the information into a database in order to sell access to the data.

A revised preliminary injunction has been issued against Odysseus and Rines. It bars them from downloading spyware without consumers’ consent, and from disclosing, using, or further obtaining consumers’ personal information, pending trial. The FTC will ask the court to order a permanent halt to their activities and order them to give up their ill-gotten gains.

The cases were filed in U.S. District Court for the District of New Hampshire.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. The case will be decided by the court.

NOTE: Stipulated final judgments and orders are for settlement purposes only and do not constitute an admission of guilt.

Copies of the legal documents associated with these cases are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov/ftc/complaint.htm. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to thousands of civil and criminal law enforcement agencies in the U.S. and abroad.

(Civil Action No. 04-377-JD - Seismic)
(Civil Action No. Civil No. 05-CV-330 SM - Odysseus)