Feeds

Bogus anti-spyware firm fined $1m

Scareware tactics backfire on Secure Computer

High performance access to file storage

A firm accused of marketing bogus anti-spyware software has paid $1m to settle a lawsuit brought by the US State of Washington.

New York-based Secure Computer (not to be confused with legitimate security firm Secure Computing) is accused of using spamming and pop-ups in an aggressive and allegedly deceitful marketing campaign designed to promote sales of a product called Spyware Cleaner.

The case against Secure Computer followed complaints that the firm and its marketing associates were punting software that falsely claimed computers were infected with spyware, before using scare tactics to push them into shelling out $50 for a product that did more harm than good.

Washington State's investigation showed that users running so-called free scans using the software were always informed their PCs were infected even if their computers were clean. Even worse, Spyware Cleaner failed to detect some types of spyware. During the free scan, the software also surreptitiously erased a computer's Hosts file, which can be used to store web addresses that a user wants to block.

The lawsuit alleged violations under Washington's 2005 Computer Spyware Act, federal and state spam laws, and the state Consumer Protection Act.

An estimated 1,145 Washington residents who purchased Secure Computer's Spyware Cleaner software and, in some cases, Popup Padlock (a so-called upgrade that was actually a duplicate program) are eligible for refunds under the agreement filed in federal court.

The case against Secure Computer and its affiliates is the first to be settled under Washington's newly enacted computer spyware laws.

Washington Attorney General Rob McKenna said the successful conclusion of the case was a "victory" for Washington consumers and the online marketplace. "It sends a strong message to internet businesses that they must promote their products ethically and legally. We won't tolerate deceptive marketing such as 'scareware' that preys on consumers' fears about spyware and online threats," he added.

Secure Computer stopped flogging Spyware Cleaner (previously marketed through sites including myspywarecleaner.com and checkforspyware.com) after the state filed its lawsuit back in January. Settlements with three other defendants in the case were agreed earlier this year.

Under an agreement signed last week in Seattle by US District Court Judge Ricardo Martinez, Secure Computer and Paul Burke (its president) agreed to pay $200,000 in civil penalties, $75,000 in restitution for consumers, and $725,000 in state attorneys' fees and costs. The firm also agreed to be bound by an injunction that means it will face even heavier fines if it engages in similar marketing practices again.

Secure Computer didn't admit to any wrongdoing in the case, but it did agree to send out email notices to all its customers in Washington State informing them of their right to receive refunds. "Customers" of the Spyware Cleaner and Popup Padlock in other states are not eligible to refunds.

Washington consumers who believe they are eligible for refunds may file a complaint with the Attorney General's Office online at www.atg.wa.gov or call 1-800-551-4636 to request a form or additional information.

Some of the emails punting Spyware Cleaner pose as messages from MSN Member Service with subject lines such as "Special Security Alert for MSN Members". Other messages arrive as pop-ups via Windows Messenger. These alleged tactics prompted Microsoft to file a federal lawsuit against Secure Computer alleging the firm used its trademarks without permission to suggest Microsoft recommended the ineffective software.

Microsoft's case against Secure Computer remains pending. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.