The Federal Trade Commission (FTC) began to receive complaints that consumers were being hoodwinked into buying bogus anti-spyware software that falsely claimed to clean spyware from their computers. The FTC hired Stroz Friedberg to investigate these claims and to analyze a product known as Spyware Assassin.
Stroz Friedberg created a forensically pure computer system on which to perform its testing and then visited the web site offering the Spyware Assassin program for sale. Examiners ran the “free scan” offered at that site and found that it generated an automatic alert claiming that the test computer contained “dangerous spyware virus infections,” even when the clean test system contained no spyware.
Next, Stroz Friedberg purchased and loaded the full version of Spyware Assassin and recorded before-and-after forensic snapshots of the test system at various stages. Examiners also extracted and analyzed data in the computer’s memory and found that Spyware Assassin really just ran an old copy of a program called “ScanSpyware.exe.” This program not only reported false positives; after examiners introduced known adware or spyware, it also failed to detect or remove key components, because Spyware Assassin merely scanned for and removed files based on their names and sometimes their locations, not on their unique contents or executable code. In the end, Stroz Friedberg found that 13 out of 14 known pieces of spyware continued to run after Spyware Assassin’s removal stage, and from a user perspective, unwanted ads and purple gorillas continued to crowd the screen on Stroz Friedberg’s test system.
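The gap between name-based and content-based matching described above can be reproduced on constructed files. The following is an added example, not code from Stroz Friedberg or from the product; the file names, the sample bytes, and the use of SHA-256 as the content check are all assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Constructed signature data: neither the names nor the bytes come from the case.
BAD_NAMES = {"adhelper.exe"}
BAD_BYTES = b"constructed-sample: stand-in for an adware executable"
BAD_HASHES = {hashlib.sha256(BAD_BYTES).hexdigest()}


def scan_by_name(root: Path) -> set[str]:
    """Flag files whose name is on the blocklist, ignoring content."""
    return {p.name for p in root.rglob("*")
            if p.is_file() and p.name.lower() in BAD_NAMES}


def scan_by_content(root: Path) -> set[str]:
    """Flag files whose SHA-256 matches a known-bad sample, ignoring name."""
    return {p.name for p in root.rglob("*")
            if p.is_file()
            and hashlib.sha256(p.read_bytes()).hexdigest() in BAD_HASHES}


def demo() -> dict[str, set[str]]:
    """Build a scratch directory and run both scanners over it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Benign file that shares a blocklisted name: false positive by name.
        (root / "adhelper.exe").write_bytes(b"harmless placeholder")
        # Known-bad content under another name: missed by the name scan.
        (root / "updater.exe").write_bytes(BAD_BYTES)
        return {"by_name": scan_by_name(root),
                "by_content": scan_by_content(root)}


if __name__ == "__main__":
    for method, hits in demo().items():
        print(method, sorted(hits))
```

The name scan flags only the harmless file and the content scan flags only the renamed sample, which is the same pairing of false positives and missed components the examiners reported.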
Stroz Friedberg presented its findings in an affidavit filed in federal court, and it was part of the evidence used by the FTC to obtain a Temporary Restraining Order against the distributors of Spyware Assassin.