The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling "100 percent undetectable" keylogging software. The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling “100 percent undetectable” keylogging software.Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else’s computer.To prevent its program from being used illegally, CyberSpy must make changes to it to prevent surreptitious installation, and “encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers,” the FTC said in a statement.The FTC sued CyberSpy in November 2008 in an effort to get it to change its business practices. CyberSpy used to advertise its product as a tool that let users “secretly and covertly monitor and record PC’s without the need of physical access.”Today, it’s billed as a tool that lets users spy on their own PCs — in order to keep tabs on children or employees. The company previously had provided detailed instructions on how to attach a RemoteSpy executable file to an e-mail message, disguised as a photo or legitimate file attachment, the FTC said.Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by e-mail filters.Spyware such as this can be a big headache for system administrators. In March, a surgical assistant named Scott Graham was sentenced to three years probation and ordered to pay US$33,000 in restitution to an Akron, Ohio, hospital, after a spyware program that he’d sent to an employee’s Yahoo e-mail address was inadvertently installed on a computer in Akron Children’s Hospital’s pediatric cardiac surgery department.The spyware product, called SpyAgent, captured about 1,000 screen shots containing confidential patient information and sent them to Graham, prosecutors said.Robert McMillan can be reached at robert_mcmillan@idg.com. He is on Twitter at: https://twitter.com/bobmcmillan. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO Advanced Persistent Threats Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe