Federal Court Dismissal of Suit by Alleged Malware Vendor Suggests Broad Immunity for Anti-Virus/Anti-Malware Providers

Posted by Ronnie London and Sarah Duran

The United States District Court for the Western District of Washington (state) has issued a decision in Zango, Inc. v. Kaspersky Lab, Inc. dismissing Zango’s claim relating to Kaspersky’s distribution of computer anti-virus/anti-malware software that, among other things, targeted Zango’s products as objectionable.* Taking a fairly broad view of “safe harbor” immunity built into the Communications Decency Act (CDA) – specifically, in Section 230(c)(2) of the U.S. Code title dedicated to Communications Law – the court rejected Zango’s claims that Kaspersky’s anti-virus software improperly identified Zango’s websites and ads as malware and thus constituted tortious interference with contract and business expectancy, and trade libel, and a violation of Washington state’s Consumer Protection Act. The case is significant because it suggests anti-malware vendors and distributors are entitled to absolute immunity to communicate with their customers about potential malware risks and facilitate their customers’ decisions about other companies’ software, without incurring liability to those companies.

One More at Bat? Another Antispyware Act Has Been Submitted to the House

Posted by Joe Addiego

On the heels of the February introduction to the House of the Securely Protect Yourself Against Cyber Trespass Act, aka the Spy Act (H.R.964), which remains scheduled for debate and was the subject of my March 16, 2007 blog post, earlier this month another antispyware bill, this one called the Internet Spyware Prevention Act of 2007 (I-SPY), was ordered reported in the House.

Three Strikes and Spyware Is Out? Anti-Spyware Bill to Be Given Another At-Bat

Posted by Joe Addiego

Another version of the Securely Protect Yourself Against Cyber Trespass Act, aka the Spy Act (H.R.964), has been drafted and is set to make its rounds through the House. This version of the Spy Act is the third time such a law has been circulated. The first two times, they passed the House but were not approved by the Senate.

U.S. SAFE WEB Act of 2006

Posted by Charlene Brownlee

Congress approved S. 1608, the “Undertaking Spam, Spyware, And Fraud Enforcement with Enforcers beyond Borders Act of 2006,” (the US SAFE WEB Act of 2006) on December 9, 2006. The US Safe Web Act amends the Federal Trade Commission Act (FTCA) and improves the Federal Trade Commission (FTC)’s ability to protect consumers from international fraud by: (1) improving the FTC’s ability to gather information and coordinate investigation efforts with foreign counterparts; and (2) enhancing the FTC’s ability to obtain monetary consumer redress in cases involving spam, spyware, and Internet fraud and deception.

Fluffy Doesn't Feel So Good: When Bad Computer Viruses Infect Good Dogs

Posted by Kaustuv Das

Earlier I had reported on Professor Shamir's announcement at RSA Conference 2006 that it is possible to kill RFID tags using power consumption based attacks. Now, Melanie Rieback, Bruno Crispo, and Andrew Tanenbaum, all from the Computer Systems Group at the Free University of Amsterdam, have announced that it is possible to spread computer viruses and worms using RFID tags.

NY Times Keylogger Article

Posted by Kraig Baker

The New York Times had a prominent article this week about how, now that most of us are inured to the risks of phishing, sophisticated identity thieves are using "keyloggers." As readers of this blog probably already know, keyloggers are pieces of hardware or software programs that log each keystroke that a user inputs into his or her computer -- including passwords. Keyloggers aren't new -- there are cases in California and Florida addressing the use of keyloggers -- but their wide use as part of software programs and the corresponding wide distribution is the next escalation in the identity theft battle and will extend the risks of keylogging to a much larger segment.

Keyloggers May Be "Klogging" Security Efforts

Posted by Peerapong Tantamjarik

While probably old hat to espionage experts, the latest Newsweek had a brief article on the increasing prevalence of "keylogging" software programs, up 65% from 2004. Essentially, keylogging programs (I like the term "kloggers") are software programs designed to silently record each keystroke as the user types in information. So you can imagine how confidential information can be stolen if one's computer has a "klogger" on it. Through the software, even entering passwords or confidential information on legitimate websites may be prone to theft. Kloggers can also be physically installed on the computer and keyboard, but this would require physical access to the computer space. Klogging software can be installed legitimately through system administrators' or parents' access so they can monitor the keyboard activities of the computer users. Kloggers can also be maliciously installed through viruses, trojan horses, spyware - all the good stuff (and you thought phishing was annoying!). A good site for more information on keylogging, including anti-keylogging solutions, can be found here. Maybe we'll see an uptick in digital plumbers to deal with these unwanted "klogs."

Lawsuits, Lost Sales and Lessons: Fallout From the Sony DRM/Rootkit Disaster

Posted by Brian Wong

Sony BMG Music Entertainment's (Sony) woes resulting from its XCP digital rights management (DRM) software continue. New York Attorney General Eliot Spitzer announced on November 23, 2005, that his investigation found that several major music retailers in New York and online continue to sell Sony music CDs that contain XCP software. He deemed it "unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves." Spitzer urged consumers not to buy the affected CDs, or, if they do, not to play them on their computers, and said consumers who have bought them should seek refunds. He noted that Sony has asked its distributors to make refunds available regardless of whether the package has been opened.

Sony Music CD Woes, Continued

Posted by Brian Wong

Sony BMG Music Entertainment (Sony) has announced it will remove music CDs containing First4Internet XCP digital rights management (DRM) software from stores, and it will offer exchanges for discs already sold. As we explained here, the XCP DRM requires the installation of a rootkit deep within the Windows operating system in order for a PC to play the CD, and the rootkit represents a potential security flaw. [UPDATE: Make that several flaws.] Sony stated that more than 20 titles have been released with XCP software, and of those CDs, over 4 million have been manufactured, and 2.1 million sold.

Select Sony/BMG Music CDs Include Invasive Digital Rights Management Software

Posted by Brian Wong

The term "rootkit" entered a broader public consciousness after researchers discovered that Sony BMG Music Entertainment (Sony) has included digital rights management (DRM) software on 19 music CDs that must be installed in order for a PC to play the CD. The software installs itself deep within the Windows operating system and hides itself from view using rootkit technology. It runs even when the CD is not being played, consuming system resources. The software is difficult to remove and the removal process can crash the computer and/or disable the computer's CD drive.

Spyware and Adware Guidelines Released

Posted by Peter Mucklestone and Stuart Louie

The Anti-Spyware Coalition, a collection of anti-spyware vendors and consumer groups, recently released guidelines for public comment to help consumers assess products designed to defend against spyware and adware — unwanted programs that can "bombard [the user] with pop-up ads and drain [a PC's] processing power to the point of rendering [the computer] unusable."

FTC Targets Spyware

Posted by Ronald London

The Federal Trade Commission has reported to Congress that spyware and other "malware" downloaded to consumers' computers without their consent is a serious and growing problem that harms consumers and the Internet, in testimony that coincided with new enforcement action the agency brought alleging a company distributed file-sharing programs that included spyware. In testimony before the Senate Commerce Committee's Subcommittee on Trade, Tourism, and Economic Development, FTC Chair Deborah Majoras stated that spyware causes problems that range from sluggish computer performance to lost personal data, and that the FTC has active programs targeting spyware concerns, including law enforcement initiatives. The testimony comes as Congress has before it several bills that would regulate spyware at the federal level.

Get Ready for Federal Spyware Legislation

Posted by Brian Bennett

Several federal spyware proposals would pre-empt state spyware legislation. Proponents of the federal proposals argue that the public is clamoring for the federal government to address the problems of spyware. Critics of federal spyware proposals point to the federal Can-Spam Act, which, by pre-empting stricter state laws, arguably may have increased the volume of spam. Critics warn that the same thing could happen with federal spyware legislation.

Mobile Phone Virus Outbreak Disrupts Company

Mobile phone viruses are not yet a major security problem because the volume of phones that have been affected worldwide is statistically negligible, but anecdotal evidence suggests that the threat posed by them appears to be growing. Anti-virus company F-Secure believes that some 55 mobile phone viruses are in circulation worldwide, and countries where cell phones are the most popular appear to be serving as unfortunate case studies. Two weeks ago, Reuters reported that a mobile phone virus spreading between phones via Bluetooth short-range wireless signals had infected scores of phones at the world athletics championships in Helsinki. Now, there are reports of a small company in Scandinavia dealing with a virus outbreak that spread quickly to some 20 employees within the company.
