Original URL: http://www.theregister.co.uk/2007/01/31/ftc_settlement/

FTC spanks Sony BMG, porn operator

Spyware and x-rated spam

By Dan Goodin

Posted in Security, 31st January 2007 02:52 GMT

It's been a good day for the Federal Trade Commission, which has spanked both Sony BMG, for its surreptitious installation of nasty-ware, and an adult Web site that - gasp - was responsible for sending x-rated spam.

Sony BMG agreed to pay up to $150 for each computer damaged in its secret scheme to load spyware-laced DRM software on its customers' machines. Not only did the software (a) load with no warning, (b) report users' listening habits to a Sony BMG-controlled server, (c) prevent copying that may be protected under the fair use doctrine, and (d) open a gaping hole that could have allowed online criminals to completely own the machine, but Sony also (e) rained down salt in customers' wounds by suggesting their complaints over the practice were trivial.

The settlement could represent a bitter dose for Sony if enough infected users - estimated by one researcher to range from 100,000 to 1m - claim their stake. The record label has already settled state claims in California and Texas, which call for Sony to pay up to $175 to CD buyers who were stung.

Sony's remorse is a far cry from defenses erected in late 2005 when one exec famously remarked: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

Also crying uncle was TJ Web Productions, which agreed to pay $465,000 to settle charges that the spam campaign it initiated failed to comply with an FTC rule requiring sexually explicit spam to be marked as such, and with the CAN-SPAM Act, which dictates that spam must display a physical address. ®