Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

FTC Hammers on Freeware Distributor

Federal Trade Commission shuts down company accused of distributing spyware with its free goodies

Acting on charges by the Federal Trade Commission, a U.S. district court yesterday shut down a spyware distribution operation that it says has installed malware on millions of computers without consumers' consent.

ERG Ventures and several partners hid the Media Motor spyware in seemingly innocuous free software, including screen savers and video files, the FTC says. The agency has asked the court to order a permanent halt to the downloads, and to order the group to "give up its ill-gotten gains."

Joysticksavers.com and and PrivateinPublic.com were also named in the suit. A criminal investigation of the allegations is also under way at the U.S. Attorney's Office, the FTC says.

Media Motor, an application that tracks users' Web behavior, can be legitimately installed on client machines with the end users' permission. However, the FTC alleges that ERG Ventures and its partners hid the spyware in other applications, enabling them to track users' activity, generate advertising, and alter browser settings without the user's permission.

The FTC called Media Motor "malevolent software" that is "intrusive, disruptive, and makes it difficult for consumers to use their computers. However, security researcher Panda Software gives Media Motor its lowest possible threat rating.

"The message sent by the FTC is that businesses everywhere should say what they do and do what they say," says Chris Pierson, founder of the cybersecurity and cyberliability practice at Lewis and Roca LLP, a Phoenix, Ariz. law firm. "If information is collected for marketing partners -- or if cookies, Web beacons, or Web bugs are used -- then that needs to be disclosed to the end user, and the end user needs to agree to it."

Any software installed on end-user machines should request permission before installation, should be easily uninstalled, and "should not act surreptitiously in the background," Pierson adds. Most businesses do notify their end users before they distribute software, but there are some exceptions, experts say.

According to the FTC filing, ERG Ventures and partners not only didn't tell users about the spyware, but actively lied about it. A deceptive "End User License Agreement" gave consumers the option to halt the installation of all software from ERG Ventures, but it secretly installed malware whether consumers accepted or rejected the terms of the agreement, the agency says.

The ERG Ventures shutdown is one of a relatively small number of cybercrime-related actions to be leveled against a company, rather than a single hacker or group of hackers. Some companies have been giving short shrift to legal and regulatory requirements recently, in part because the enforcement mechanisms are not strong.

But the FTC, which has successfully lodged complaints against regulatory violators such as ChoicePoint and CardSystems, is an exception, says Pierson. "The FTC is perhaps the most vigorous enforcer of consumer laws, and the FTC Act has proven to be anything but a paper tiger, " he says.

Consumers who have experienced problems with any of the defendants in the suit can contact the FTC by writing to [email protected] or by calling 202-326-3504 to leave a message.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8216
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8217
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8218
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8219
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8220
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .