Microsoft, Washington AG Sue Alleged Spyware Company

Microsoft Corp. and the Washington state attorney general have filed lawsuits against antispyware software vendor Secure Computer LLC, alleging that the White Plains, New York, company’s Spyware Cleaner software not only fails to remove spyware as advertised, but makes changes to users’ computers that make them less secure. The attorney general’s lawsuit is the state’s first to be filed under Washington’s 2005 Computer Spyware Act.

Washington’s 16-count lawsuit was filed Tuesday in U.S. District Court in Seattle, and follows investigations by both Microsoft and the Attorney General’s High Tech Fraud Unit. In addition to the Spyware Act violations, the lawsuit accuses Secure Computer of violating the state’s Commercial Electronic Mail and Consumer Protection Acts, as well as the federal CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act, said Washington Attorney General Rob McKenna in an interview.

“What this company has been doing is marketing its Spyware Cleaner product using false and deceptive means and also corrupting computer users’ hard drives as a result of the so-called free scan that they offered to consumers,” he said.

The state’s lawsuit also names Secure Computer President Paul E. Burke and Web domain owner Gary T. Preston, both of New York state, as defendants. It further charges Zhijian Chen, of Portland, Oregon, Seth Traub, of Portsmouth, New Hampshire, and Manoj Kumar, of Maharashtra, India, in connection with the advertising of the product. No one at Secure Computer could be reached for comment Wednesday.

Microsoft has also sued Secure Computer, alleging that the company’s Spyware Cleaner e-mail and pop-up advertisements falsely suggested that Microsoft endorsed the product, said Nancy Anderson, vice president and deputy general counsel with Microsoft. “They were illegally using our name and our trademark to frighten consumers,” she said.

Microsoft’s lawsuit was filed Tuesday in U.S. District Court in Seattle, Anderson said.

Spyware Cleaner has been sold since about 2004 and the product has been marketed via “spam, pop-up ads and deceptive hyperlinks,” offering a free spyware scan, the attorney general’s office said in a statement. These scans inevitably detected spyware, even when none was present and then instructed users to buy Spyware Cleaner. Once customers had paid the US$49.95 purchase price, the software would then erase the computer’s hosts file, which can used by the browser to block unwanted Web sites.

In tests, the state’s investigators found that Spyware Cleaner was unable to detect most genuine spyware programs and that it often falsely identified legitimate files as spyware. “We [tested] this on a computer when we had a fresh install and it falsely identified a number of programs as being spyware when really they were not,” McKenna said.

If the allegations in this case are true, Secure Computer could pay dearly. The Washington spyware act imposes a penalty of $100,000 per violation, and the company is also looking at penalties of $250 per violation of the CAN-SPAM Act, as well as $500 and $2,000 per violation, respectively, under Washington’s antispam and consumer protection laws.

Based on the money that Secure Computer has made off the product, McKenna estimated that thousands of users have been affected and that the penalties will amount “to millions of dollars.”

By Robert McMillan – IDG News Service (San Francisco Bureau)