Florida-based software company CyberSpy Software has been ordered by a US district court to stop selling its RemoteSpy keylogging spyware program.
According to the Federal Trade Commission, CyberSpy gave customers detailed instructions on “how to disguise their spying program as an innocuous file, such as a photo, attached to an email.”
It is claimed that when innocent internet users clicked on the disguised file, the spyware would install itself silently onto the victims’ computer, monitoring every keystroke, email and instant message, and making a record of every website visited.
Data gathered by RemoteSpy was uploaded to a server run by the CyberSpy company, and made available to customers via a password-protected website.
The RemoteSpy and CyberSpy websites appear to be currently offline (presumably at the court’s request) but I managed to find an archived version for the screenshot above.
CyberSpy is far from the only company to work in this apparent “grey” area between legitimate and illegitimate software. Such products typically promote themselves as a way for wives to spy on philandering husbands, or for concerned parents to keep an eye on what their babysitter is up to, rather than more traditional identity theft – but it’s clear that they can be used with a wide variety of motives.
The FTC will be trying to prove that because the RemoteSpy software was installed onto computers without the informed consent of the PC’s owner, and used to secretly steal personal data, that it was in breach of the law. If the FTC is successful in their fight against CyberSpy it could send a warning shot to other vendors selling “legitimate” spyware.