Spyware company goes undercover

Spyware company goes undercover

Summary: A controversial spyware developer has disappeared from the Internet after concerns were raised about the methods it used to acquire sensitive information

SHARE:
TOPICS: Networking
3

A US-based spyware developer appears to have taken down its Web site after a storm of bad publicity over its practice of tracking individuals' surfing habits as well as gathering credit card information and other personal data entered online without their knowledge.

The furore over US-based software company VX2 erupted last week when several spyware-watching Web sites highlighted the issue. VX2's Sputnik program is currently incorporated into a free screensaver download for the Internet advertising company Aadcom, and has been used by file-sharing services such as AudioGalaxy.

Spyware is any software that employs a user's Internet connection in the background without their knowledge or consent. The VX2 programme uses this model to profile Internet users for commercial gain. Once downloaded, it tracks the Web sites that the user visits, and serves fake pop-up adds that purport to be coming from authentic Web sites. It also admits to collecting personal information on individuals from online forms.

A policy statement on the VX2 Web site attempted to reassure individuals that their sensitive data was handled correctly. The declaration read: "We have undertaken technical measures to make sure that VX2 never collects credit card numbers, account numbers or passwords. If such data were, despite VX2's best efforts, ever inadvertently collected VX2 would immediately purge such information from its database."

But in the wake of the online publicity wave, VX2's Web site appears to have disappeared. Attempts to contact the company have been unsuccessful, so it has not been able to verify this statement.

The UK Data Protection Act 1998 requires data controllers to be explicit in their handling of customer data, and insists that all information is held for no longer than the necessary billing period. It also provides individuals with the opportunity to opt-out of their personal data being compiled.

But US-based spyware companies such VX2 currently escape the jurisdiction of UK law, which creates huge privacy implications for Internet users here.

"The only thing that the UK government could do -- and there is dispute over whether this should be the Home Office or DTI -- is to warn the public of the dangers. There is nothing much more that can be done," said Peter Sommer, a research fellow in computer security at the London School of Economics. "It could be a complicated vote-winning situation."

The government admits that spyware is "an issue" to be addressed. "We would recommend that it is only used with the consent of the data subject," said a government source. "If this is not gained, it will be a breach of the Data Protection Act."


Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.

Topic: Networking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • I have had VX2\? on my system for months and months i ave have dowloaded at least 5 adware/spyware (lavasoft,searchand destroy, spyware killer2.1, x cleaner , x-reg block amost a few of them and evertime i re- boot after using these or search and destroy find vx2\? software destiny its says "fix this" i do then i re-boot and sure enough its there gain its a total invasion of privacy and sick of seeing this spyware on my system
    anonymous
  • Had similar problem. For some time, VX2.dll has been giving problems, suddenly it would start causing Explorer to crash. To cure that required a System Restore, which then caused Norton Antivirus to crash the machine, so needed to uninstall & reinstall NAV. All very messy & painful. So this time around I dug a bit deeper, found the scares about VX2 so I downloaded & ran Adaware to clear it out.
    It looks as if Adaware locates & deletes only the registry entries related to these Spyware programs, rather than the files containing the code itself. So, OK that meant VX2 wasn't loading itself on startup, but I have had to manually delete the VX2.dll file to actually purge it from my machine.
    cheers
    AL
    anonymous
  • http://www.wilderssecurity.com/showpost.php?p=160275&postcount=4

    howto remove on win XP and win 2000
    anonymous