Microsoft Files Lawsuit over Jessica Simpson-Themed Spyware

A day after the FTC took action against an organization accused of distributing Trojan viruses using celebrity-themed screensavers, Microsoft has filed its own lawsuit against the company under Washington state's anti-spyware laws.

Microsoft announced Nov. 14 that it has filed a lawsuit against an organization believed to be responsible for attacking users with spyware programs hidden in celebrity-themed screen savers, including some bearing pictures of pop singer Jessica Simpson.

One day after the United States Federal Trade Commission took its own legal action against ERG Ventures, its affiliates and its operators in the companys home state of Nevada, Microsoft brought its own lawsuit against the firm accusing it of violating the Washington Computer Spyware Act and the Washington Consumer Protection Act.

Specifically named in the lawsuit was Timothy P. Taylor, the alleged chief of ERG, along with affiliate company Media Motor.

In its suit, Redmond, Wash.-based Microsoft claims that Taylor and other parties used screen savers, including those featuring pictures of popular celebrities, to surreptitiously install unwanted software on users computers.

Applications delivered in the ERG screen savers included so-called Trojan horse malware programs that loaded spyware onto infected machines, according to the lawsuit.

Microsoft alleges in its lawsuit that the defendants distributed their programs through sites built to end users, including a site that uses the brand name of well-known golf equipment manufacturer Taylor Made.

Once installed, the Trojan applications would reportedly dial out and download numerous other programs that would saddle users computers with pop-up advertisements, track their Web usage habits, redirect infected browsers to suspicious URLs, add desktop icons to Windows and change the registry settings on Windows PCs, Microsoft said.

The software giant said the applications also violated Washingtons laws by installing themselves without giving users sufficient notice, or gaining their consent.

Microsoft said the programs installed themselves when users took appropriate steps to stop them from being downloaded onto their machines.

Calls to a number listed by ERG in Nevada seeking comment on the lawsuit were not immediately returned.

The Microsoft action comes a day after the FTC announced that Judge Howard McKibben of the U.S. District Court for the District of Nevada issued a temporary restraining order against ERG and its affiliates.

The court said in its ruling that ERG tricked consumers into downloading programs that degraded the performance of their computers, spied on their activities and exposed them to disruptive ads.

The Nevada case specifically charges that the Media Motor programs were responsible for acting as the Trojans for downloading other attacks.

The FTC asked the court to order a permanent halt to the "deceptive and unfair" downloads, and to order the outfit to give up any profits related to the controversial programs.

The FTC contends that ERG and Taylor violated the law by failing to disclose to users that its programs were bundled with malware, along with the use of a deceptive EULA (end user license agreement).

/zimages/5/28571.gifClick here to read more about spyware that hides at celebrity-focused Web sites.

The agency specifically cited Microsoft as key to its efforts to bring a stop to ERGs business practices.

"These defendants were packaging a broad array of unwanted and intrusive programs with seemingly innocent programs," said Scott Stein, senior attorney with the Internet Safety Enforcement Team at Microsoft, in a statement.

"They didnt tell users about the numerous hidden programs that would be installed with the screen savers, and provided only an illusory option to stop installation. We have a responsibility to help protect our customers and to do whatever we can to prevent this kind of practice."

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK SecurityWatch blog.