The Federal Trade Commission reached a settlement recently that blocks a company called CyberSpy Software from advertising a keylogger program as a "100% undetectable" way to "Spy on Anyone."
The settlement requires the software provide notice the program has been downloaded and obtain consent from the computer owners before it can be installed. The keylogger - known as RemoteSpy - was the subject of a 2008 suit the FTC filed against CyberSpy and its owner, Tracer Spence. According to the FTC, the company provided its clients with detailed instructions explaining how to disguise the spyware as a benign file, such as a photo attached to an e-mail.
"When the e-mail recipient clicked on the attachment, the RemoteSpy program was downloaded and installed without the victim's knowledge," according to the FTC. "The spyware recorded every keystroke typed on an infected computer; captured images of the computer screen; obtained passwords, and recorded Websites visited. To access the information gathered and organized by the spyware, RemoteSpy clients logged into a Website maintained by the defendants."
The final order bars CyberSpy from providing purchasers with the means to disguise the product, and requires they inform customers that improper use of the software may violate state or federal law. In addition, the company must "take measures to reduce the risk that their spyware is misused, encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers on which it was previously installed."