Just like every decent marketer out there, vendors of commercial malware tools are very good at positioning their tools. However, their pitches often contradict themselves: what's promoted as a Remote Administration Tool in fact has built-in antivirus evasion capabilities, rootkit functionality and tutorials on how to remotely infect users over email.
This fake positioning is finally receiving the necessary attention. CyberSpy Software LLC, a popular vendor of such commercial spyware tools, has recently been targeted by the U.S. Federal Trade Commission, with the company's sites already shut down. Wish it were that simple.
"Defendants touted RemoteSpy as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” According to the FTC complaint, the defendants violated the FTC Act by engaging in the unfair advertising and selling of software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information. The FTC complaint also alleges that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients. The complaint further alleges that the defendants provided their clients with the means and instrumentalities to unfairly deploy and install keylogger spyware and to deceive consumer victims into downloading the spyware."
Going through a dozen such tutorials and new releases courtesy of the illegal vendors of malware daily, I find the way commercial vendors explain the process of sending the malware very similar to the way the illegal vendors do it:
"Now it is time to send out the file to the remote PC. In this guide we are using Outlook Express on Windows XP. Click the Create Mail button to open a new mail window. Click ATTACH and navigate to where you saved your Realtime-Spy file you created previously. Click on the file and then click ‘Attach’ to attach the file to your email. You will now have to enter a recipient for the file you are sending, as well as an email subject and body. Notice the size of the Realtime-Spy file - it should be approximately 100-115kb at all times! Once you are ready to go click Send to send the email! Note: Users will only appear after they have downloaded and executed the file you have sent them."
Vendors of commercial malware are naturally integrating vertically, not only offering malware for PCs but also actively developing mobile malware applications. Both are then actively advertised through popular advertising networks, though most of their traffic comes from affiliate-based programs.
What's the antivirus vendors' take on this particular piece of commercial malware? The majority of them already detect it, labeled as a surveillance tool or spyware. Still, such shutdown operations must be done in a "bulk fashion", together with a great deal of other commercial malware and keylogging software vendors whose products still remain active online. For instance, the following brands remain active and are operated by other companies whose networks of affiliates reach a wider audience, with some of the vendors allowing affiliates to re-brand, leading to new names for old commercial malware:
"Keystroke Spy, Keylogger Pro, Key Spy Pro, KeyCaptor, Keylog Pro, Invisible Keylogger, SpyAgent, SpyBuddy, Golden Eye, CyberSpy, Screen Spy, AceSpy Spy, SniperSpy, RemoteSpy, Realtime Spy, SpyAnywhere, RemoteSpy, KeySpy Remote, Catch Cheat, Silent Logger, Email Spy Pro; WebMail Spy; Spy Mail; Stealth Email Redirector, Perfect Keylogger for Mac OS X"
With CyberSpy Software LLC's site now shut down, it will be interesting to monitor whether another company brandjacks the popularity of their products.