Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


FTC Hammers on Freeware Distributor

Federal Trade Commission shuts down company accused of distributing spyware with its free goodies

Acting on charges by the Federal Trade Commission, a U.S. district court yesterday shut down a spyware distribution operation that it says has installed malware on millions of computers without consumers' consent.

ERG Ventures and several partners hid the Media Motor spyware in seemingly innocuous free software, including screen savers and video files, the FTC says. The agency has asked the court to order a permanent halt to the downloads, and to order the group to "give up its ill-gotten gains."

Joysticksavers.com and and PrivateinPublic.com were also named in the suit. A criminal investigation of the allegations is also under way at the U.S. Attorney's Office, the FTC says.

Media Motor, an application that tracks users' Web behavior, can be legitimately installed on client machines with the end users' permission. However, the FTC alleges that ERG Ventures and its partners hid the spyware in other applications, enabling them to track users' activity, generate advertising, and alter browser settings without the user's permission.

The FTC called Media Motor "malevolent software" that is "intrusive, disruptive, and makes it difficult for consumers to use their computers. However, security researcher Panda Software gives Media Motor its lowest possible threat rating.

"The message sent by the FTC is that businesses everywhere should say what they do and do what they say," says Chris Pierson, founder of the cybersecurity and cyberliability practice at Lewis and Roca LLP, a Phoenix, Ariz. law firm. "If information is collected for marketing partners -- or if cookies, Web beacons, or Web bugs are used -- then that needs to be disclosed to the end user, and the end user needs to agree to it."

Any software installed on end-user machines should request permission before installation, should be easily uninstalled, and "should not act surreptitiously in the background," Pierson adds. Most businesses do notify their end users before they distribute software, but there are some exceptions, experts say.

According to the FTC filing, ERG Ventures and partners not only didn't tell users about the spyware, but actively lied about it. A deceptive "End User License Agreement" gave consumers the option to halt the installation of all software from ERG Ventures, but it secretly installed malware whether consumers accepted or rejected the terms of the agreement, the agency says.

The ERG Ventures shutdown is one of a relatively small number of cybercrime-related actions to be leveled against a company, rather than a single hacker or group of hackers. Some companies have been giving short shrift to legal and regulatory requirements recently, in part because the enforcement mechanisms are not strong.

But the FTC, which has successfully lodged complaints against regulatory violators such as ChoicePoint and CardSystems, is an exception, says Pierson. "The FTC is perhaps the most vigorous enforcer of consumer laws, and the FTC Act has proven to be anything but a paper tiger, " he says.

Consumers who have experienced problems with any of the defendants in the suit can contact the FTC by writing to [email protected] or by calling 202-326-3504 to leave a message.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-28
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...
PUBLISHED: 2021-01-28
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling.
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling.
PUBLISHED: 2021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling.