It's been a good day for the Federal Trade Commission, which has spanked Sony BMG for its surreptitious installation of nasty-ware and an adult Web site that - gasp - was responsible for the sending of x-rated spam.

Sony BMG agreed to pay up to $150 for each computer damaged in its secret scheme to load spyware-laced DRM software on its customers' machines. Not only did the software (a) load with no warning (b) report users' listening habits to a Sony BMG-controlled server, (c) prevent copying that may be protected under the fair use doctrine and (d) open a gaping hole that could have allowed online criminals to completely own the machine, but Sony also (e) rained down salt in customers' wounds by suggesting their complaints over the practice were trivial.

The settlement could represent a bitter dose for Sony if enough infected users - estimated by one researcher (http://news.com.com/Sony+rootkit+victims+in+every+state,+researcher+says/2100-1029_3-6027857.html) to range from 100,000 to 1m - claim their stake. The record label has already settled state claims (http://www.theregister.com/2006/12/20/sony_rootkit_drm_settlement/) in California and Texas, which call for Sony to pay up to $175 to CD buyers who were stung.

Sony's remorse is a far cry from defenses erected in late 2005 when one exec famously remarked: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

Also crying uncle was TJ Web Productions, which agreed to pay $465,000 to settle charges that the spam campaign it initiated failed to comply with an FTC rule requiring sexually explicit spam to be marked as such and the CAN-Spam act, which dictates spam must display a physical address. ®

Related stories

FTC demands bigger spyware penalties (30 October 2007)
http://www.theregister.co.uk/2007/10/30/ftc_spyware_sanctions/
FTC fines three men $330,000 for pushing spyware (1 October 2007)
http://www.theregister.co.uk/2007/10/01/ftc_fines_spyware_defendants/
Sony to exorcise 'rootkit' from USB drives (4 September 2007)
http://www.theregister.co.uk/2007/09/04/sony_fingerprint_rootkit_update/
Webmaster pays $3,300 to settle malware charges (1 March 2007)
http://www.theregister.co.uk/2007/03/01/ftc_spyware_settlement/
FTC green lights BrocData (24 January 2007)
http://www.theregister.co.uk/2007/01/24/ftc_brocdata_approval/
FTC launches crackdown on work-at-home scams (13 December 2006)
http://www.theregister.co.uk/2006/12/13/homeworker_scam_crackdown/
Spyware firms pay token fines to FTC (22 November 2006)
http://www.theregister.co.uk/2006/11/22/ftc_spyware_settlement/
Security firm Guidance settles FTC breach charges (17 November 2006)
http://www.theregister.co.uk/2006/11/17/ftc_guidance_negligence_rebuke/
FTC fines notorious adware firm $3m (3 November 2006)
http://www.theregister.co.uk/2006/11/03/ftc_fines_zango/
FTC issues competition guidelines for Muni Wi-Fi (10 October 2006)
http://www.theregister.co.uk/2006/10/10/ftc_issues-muni_wifi_guidelines/
FTC forces P2P website to pay back subscribers (30 May 2006)
http://www.theregister.co.uk/2006/05/30/ftc_p2p_settlement/