Security threats Toolkit

FTC to launch all-out assault on spyware merchants

Tags:
Sanford Wallace,
Spyware,
Spam

John Borland CNET News

Published: 12 Oct 2004 15:05 BST

In what could prove to be one the great second acts in Internet history, erstwhile king of spam Sanford Wallace takes centre stage this week as exhibit A in a federal crackdown on invasive online advertising software.

The Federal Trade Commission (FTC) is scheduled to announce on Tuesday an aggressive new strategy in taking on alleged purveyors of spyware.

In the first action of its kind, the agency last week filed a civil lawsuit against Wallace, charging the admitted former junk emailer with fraudulently installing advertising and other software on consumers' computers through his network of Web sites. The lawsuit is expected to be the centrepiece of Tuesday's announcement.

As in the early spam battles, the bombastic Wallace has become a lighting rod for efforts to clamp down on what many now consider to be among the most virulent Net pests. Tuesday's lawsuits -- particularly in conjunction with federal anti-spyware legislation nearing passage -- could help rein in business practices that have posed increasing risks for Net surfers during the past few years.

"Very much like with spam and the spam legislation last year, spyware can be fought through a combination of efforts: enforcement, legislation, technology and consumer education," said Dave Baker, an attorney for Internet service provider EarthLink, which has been an active participant in anti-spyware efforts. "No one thing cures the problem by itself."

Wallace could not immediately be reached for comment.

The last year has proved to be a tipping point for an issue that has been building for several years. Reports of widespread adware and spyware infection have increased dramatically, in part as consumers have increasingly realised that their computer crashes and slowdowns were being caused by surreptitious advertising software.

EarthLink recently said that its online spyware-spotting tool had been used 3 million times since January, and had found an average of 26 spyware components on people's hard drives.

The result has been a surge of legislative efforts in Congress and state legislatures, as well as this week's lawsuits from the FTC.

The limits of legal
Wallace -- once dubbed "Spamford" by a Net community desperate to cut off the flow of unsolicited email coming from his company's servers -- has been operating new advertising ventures for several years. Regardless of the outcome of the suit, the charges brought against Wallace's companies -- Seismic Entertainment Productions and SmartBot -- could help raise awareness of the issue.

In an interview with ZDNet UK sister site CNET News.com last year, he outlined his strategy of boosting traffic by forcing people to click through multiple pop-up windows in order to exit his PassItOn.com entertainment site. He said he would soon start collecting personal information from people who wanted to use his site without so many windows.

"We don't violate anybody's privacy; everything is disclosed," Wallace said in that interview. "We're giving something away for free in exchange for consumers' permission to use private information. It's no secret. Publishers Clearing House has been doing this type of thing for years."

The FTC cited that interview in its lawsuit, which was filed in New Hampshire federal court last week.

In the lawsuit, FTC and independent investigators outline a string of what they say were potentially abusive practices.

FTC investigator Sallie Schools said Web sites operated by Wallace changed the home page in her Internet Explorer browser. Programming code on one page popped open the CD drive in her computer, and showed text saying "If your cd-rom drives open...You desperately need to rid your system of spyware pop-ups immediately." The site then offered a product called Spy Deleter.

Other sites surreptitiously downloaded software from another company's site, which in turn led to the installation of numerous other spyware and advertising programs, the lawsuit charged. All of the actions took advantage of publicised security holes in Microsoft's Internet Explorer browser.

Anti-spyware activists say a successful case focusing on these practices -- changing home pages without consent, installing software without consent, and "compelling" purchase of anti-spyware software -- will help clamp down on some of the worst practices online.

"We're very positive about the way this is looking; it looks like they've built a good case," said Ari Schwartz, associate director of the Centre for Democracy and Technology, which first brought Wallace's company to the attention of the FTC. "This fits into the kinds of cases where the FTC could get their feet wet on this issue."