State Sues Major "spyware" Distributor
Attorney General Spitzer today sued one of the most elusive internet spyware companies, alleging that the firm surreptitiously installed millions of pop-up ad programs on consumers' computers.
The suit against the Direct Revenue company seeks a court order enjoining the firm from secretly installing spyware or sending ads through already-installed spyware. The suit also asks the court to compel the company to provide an accounting of its revenues and asks the court to impose appropriate monetary penalties.
"Surreptitiously installed spyware and adware harm consumers and businesses, and my office will continue to prosecute these practices aggressively," said Spitzer, whose office last year spurred industry-wide attention to this problem with his suit and settlement against adware distributor Intermix Media. "These applications are deceptive and unfair to consumers, bad for businesses that rely on efficient networks to do their jobs, and bad for online retailers that need consumers to trust and enjoy their online experience. We will continue to side with consumers in their fight for control of their desktops."
The suit follows an extensive investigation in which the Attorney General's office documented Direct Revenue's practice of installing advertising software on computers without proper notice. In many cases, these spyware installations were instigated when Direct Revenue (or one of its distributors) advertised "free" applications (such as games or browser "enhancement" software), omitting reference to the spyware that would accompany any downloaded application. Once consumers downloaded these "free" applications, however, surreptitious code placed on their computers caused Direct Revenue's own servers to install its spyware, without notice to consumers.
The Attorney General's office also recorded several instances in which Direct Revenue's spyware was installed through silent "drive-by-downloads," i.e., downloads that took place without any notice at all to consumers.
The office documented 21 separate web sites through which this practice, known as "bundling," occurred. Among the names of the programs that Direct Revenue has downloaded in this way are "VX2," "Aurora," and "OfferOptimizer," each of which tracks consumers' web behavior and then delivers sequential pop-up ads to them.
Spitzer's office's investigation revealed that Direct Revenue and its officers deliberately designed spyware that, once downloaded, was extremely difficult for users to detect and remove. In many cases, the spyware reinstalled itself after removal by users.
The company's executives specifically highlighted the insidious nature of their product. For example Direct Revenue's then-CEO Josh Abram (a defendant in the lawsuit) boasted in an April 2005 email to a distributor, "We have a very stealthy version of our adware product which we're happy to give u... Don't worry. If we do a deal a build together these will not be caught."
Similarly, the company's Chief Technology Officer observed in 2005 that users "don't know how they got our software (this is both upgrade and recent install..." and that users "say that they are getting so many ads that it is annoying them."
The lawsuit further alleges that Direct Revenue and certain of its executives knowingly frustrated consumers' attempts to remove the downloaded software by requiring consumers intent on accomplishing removal to go to a separate web site (mypctuneup.com), turn off their firewalls and download additional "uninstall" software.
The suit specifically names, and seeks relief and penalties from, the company's founders and chief officers Joshua Abram, Alan Murray, Daniel Kaufman, and Rodney Hook. Numerous emails submitted with the lawsuit document these individuals' knowledge of and participation in the underlying fraudulent practices. The four individual defendants in the lawsuit have owned a majority of the company's stock since its inception.
A leading Internet privacy advocate praised the suit and the Attorney General's effort to battle harmful spyware: "The practice of forcing consumers into downloading software they neither want nor need has threatened the essential trust that lies at the heart of Internet communication. Aggressive law enforcement is an essential component in the ongoing fight to stem the tide of unwanted spyware. We applaud Attorney General Spitzer for attacking this problem at its source and for sending a message that years of illegal behavior will not go unanswered," said Ari Schwartz, Deputy Director of the Center for Democracy and Technology.
The suit arises under New York's General Business Law, which prohibits false advertising and deceptive business practices; its Penal Law, which prohibits computer tampering; and its common law prohibitions against trespass.
The case is being handled by Assistant Attorney General Justin Brookman of Spitzer's Internet Bureau, under the direction of Kenneth Dreifach, who is Chief of the Internet Bureau. Investigative assistance on the case was provided by Internet Investigator Vanessa Ip and Fraud Analyst Sibu Thomas.