Original URL: http://www.theregister.co.uk/2006/12/05/washington_anti-spware_lawsuit/

Bogus anti-spyware firm fined $1m

Scareware tactics backfire on Secure Computer

By John Leyden

Posted in Security, 5th December 2006 13:52 GMT

A firm accused of marketing bogus anti-spyware software has paid $1m to settle a lawsuit brought by the US State of Washington.

New York-based Secure Computer (not to be confused with legitimate security firm Secure Computing) is accused of using spamming and pop-ups in an aggressive and allegedly deceitful marketing campaign designed to promote sales of a product called Spyware Cleaner.

The case against Secure Computer followed complaints that the firm and its marketing associates were punting software that falsely claimed computers were infected with spyware, before using scare tactics to push them into shelling out $50 for a product that did more harm than good.

Washington State's investigation showed that users running so-called free scans using the software were always informed their PCs were infected even if their computers were clean. Even worse, Spyware Cleaner failed to detect some types of spyware. During the free scan, the software also surreptitiously erased a computer's Hosts file, which can be used to store web addresses that a user wants to block.

The lawsuit alleged violations under Washington's 2005 Computer Spyware Act, federal and state spam laws, and the state Consumer Protection Act.

An estimated 1,145 Washington residents who purchased Secure Computer's Spyware Cleaner software and, in some cases, Popup Padlock (a so-called upgrade that was actually a duplicate program) are eligible for refunds under the agreement filed in federal court.

The case against Secure Computer and its affiliates is the first to be settled under Washington's newly enacted computer spyware laws.

Washington Attorney General Rob McKenna said the successful conclusion of the case was a "victory" for Washington consumers and the online marketplace. "It sends a strong message to internet businesses that they must promote their products ethically and legally. We won't tolerate deceptive marketing such as 'scareware' that preys on consumers' fears about spyware and online threats," he added.

Secure Computer stopped flogging Spyware Cleaner (previously marketed through sites including myspywarecleaner.com and checkforspyware.com) after the state filed its lawsuit back in January. Settlements with three other defendants in the case were agreed earlier this year.

Under an agreement signed last week in Seattle by US District Court Judge Ricardo Martinez, Secure Computer and Paul Burke (its president) agreed to pay $200,000 in civil penalties, $75,000 in restitution for consumers, and $725,000 in state attorneys' fees and costs. The firm also agreed to be bound by an injunction that means it will face even heavier fines if it engages in similar marketing practices again.

Secure Computer didn't admit to any wrongdoing in the case, but it did agree to send out email notices to all its customers in Washington State informing them of their right to receive refunds. "Customers" of the Spyware Cleaner and Popup Padlock in other states are not eligible to refunds.

Washington consumers who believe they are eligible for refunds may file a complaint with the Attorney General's Office online at www.atg.wa.gov or call 1-800-551-4636 to request a form or additional information.

Some of the emails punting Spyware Cleaner pose as messages from MSN Member Service with subject lines such as "Special Security Alert for MSN Members". Other messages arrive as pop-ups via Windows Messenger. These alleged tactics prompted Microsoft to file a federal lawsuit against Secure Computer alleging the firm used its trademarks without permission to suggest Microsoft recommended the ineffective software.

Microsoft's case against Secure Computer remains pending. ®