Spyware Lawsuit Alleges Computer Hijacking

The class-action lawsuit accuses DirectRevenue of using spyware to infiltrate users' computers, learn their Internet browsing habits and track their Internet use.

A recently filed class-action lawsuit against alleged spyware king DirectRevenue of New York claims that the company has deceptively downloaded harmful and offensive spyware to unsuspecting users computers.

The suit, filed in the Circuit Court of Cook County, Illinois, alleges that DirectRevenue LLC "unlawfully used and damaged plaintiffs computers to make money for themselves while willfully disregarding plaintiffs rights to use and enjoy their personal property."

According to the suit, the spyware infiltrated users computers to learn their Internet browsing habits and track their Internet use.

Further, the suit contends that DirectRevenue deceptively prevents users from removing its spyware, overwhelming computers with unsolicited advertisements.

DirectRevenues business model is to pay independent distributors—often small companies that dropped out of the spam business or that develop peer-to-peer file sharing or screensavers—several cents per installation to install its software.

"Those guys love to bundle additional software that tracks what people are doing," said Benjamin Edelman, a researcher studying spyware and a Ph.D. candidate at Harvard University.

"Sometimes we see that the affiliates that sign up design software that exploits security holes in Windows and Internet Explorer, and so as you are surfing a Web page, it installs the DirectRevenue software."

/zimages/2/28571.gifClick here to read more about spyware infiltrating IE through alternative browsers.

Sometimes, Edelman said, the way the company goes about its business is downright offensive.

In one video Edelman made last month, a DirectRevenue ad on Yahooligans, a childrens Web site, showed an American Express ad, while the Cartoon Networks Web site showed a gambling ad.

Spyware has proliferated a great deal recent years, according to research from Meta Group Inc. (now part of Gartner) of Stamford, Conn.

Meta reports that spyware is one of the most significant Internet-based security threats today, representing up to 40 percent of help desk calls.

Meta Group predicts that spyware will continue to remain a serious problem until at least 2008.

/zimages/2/28571.gifRead more here about lawmakers efforts to fight spyware.

The suit against DirectRevenue is somewhat different from other spyware cases, Edelman said, which have mainly been brought by Web sites protesting pop-up ads.

In one case, brought in 2002, the Washington Post and the New York Times sued the Gator online advertising network to stop the company from posting pop-ads on their Web sites without permission. The media outlets won that suit.

"This case is different, because its about sneaking on to peoples computers in truly underhanded ways," Edelman said.

"In some senses, though, that makes it an easier case. Its easy to prove that they are installing without permission. Its a lot like trespassing."

The case has a good chance of succeeding, Edelman said, and if it does, it should serve as a warning to others with similar business models. But more importantly, a win could open the floodgates for lawsuits against similar companies, he said.

"They should have been worried even before this case was filed, but they should be all the more worried now," he said.

DirectRevenue failed to respond to a request for comment.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.