Feeds

Bogus anti-spyware firm fined $1m

Scareware tactics backfire on Secure Computer

SANS - Survey on application security programs

A firm accused of marketing bogus anti-spyware software has paid $1m to settle a lawsuit brought by the US State of Washington.

New York-based Secure Computer (not to be confused with legitimate security firm Secure Computing) is accused of using spamming and pop-ups in an aggressive and allegedly deceitful marketing campaign designed to promote sales of a product called Spyware Cleaner.

The case against Secure Computer followed complaints that the firm and its marketing associates were punting software that falsely claimed computers were infected with spyware, before using scare tactics to push them into shelling out $50 for a product that did more harm than good.

Washington State's investigation showed that users running so-called free scans using the software were always informed their PCs were infected even if their computers were clean. Even worse, Spyware Cleaner failed to detect some types of spyware. During the free scan, the software also surreptitiously erased a computer's Hosts file, which can be used to store web addresses that a user wants to block.

The lawsuit alleged violations under Washington's 2005 Computer Spyware Act, federal and state spam laws, and the state Consumer Protection Act.

An estimated 1,145 Washington residents who purchased Secure Computer's Spyware Cleaner software and, in some cases, Popup Padlock (a so-called upgrade that was actually a duplicate program) are eligible for refunds under the agreement filed in federal court.

The case against Secure Computer and its affiliates is the first to be settled under Washington's newly enacted computer spyware laws.

Washington Attorney General Rob McKenna said the successful conclusion of the case was a "victory" for Washington consumers and the online marketplace. "It sends a strong message to internet businesses that they must promote their products ethically and legally. We won't tolerate deceptive marketing such as 'scareware' that preys on consumers' fears about spyware and online threats," he added.

Secure Computer stopped flogging Spyware Cleaner (previously marketed through sites including myspywarecleaner.com and checkforspyware.com) after the state filed its lawsuit back in January. Settlements with three other defendants in the case were agreed earlier this year.

Under an agreement signed last week in Seattle by US District Court Judge Ricardo Martinez, Secure Computer and Paul Burke (its president) agreed to pay $200,000 in civil penalties, $75,000 in restitution for consumers, and $725,000 in state attorneys' fees and costs. The firm also agreed to be bound by an injunction that means it will face even heavier fines if it engages in similar marketing practices again.

Secure Computer didn't admit to any wrongdoing in the case, but it did agree to send out email notices to all its customers in Washington State informing them of their right to receive refunds. "Customers" of the Spyware Cleaner and Popup Padlock in other states are not eligible to refunds.

Washington consumers who believe they are eligible for refunds may file a complaint with the Attorney General's Office online at www.atg.wa.gov or call 1-800-551-4636 to request a form or additional information.

Some of the emails punting Spyware Cleaner pose as messages from MSN Member Service with subject lines such as "Special Security Alert for MSN Members". Other messages arrive as pop-ups via Windows Messenger. These alleged tactics prompted Microsoft to file a federal lawsuit against Secure Computer alleging the firm used its trademarks without permission to suggest Microsoft recommended the ineffective software.

Microsoft's case against Secure Computer remains pending. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.