Photo at vi.wikipedia.org
A recent legal case in the UK between singer Rhianna and fashion retailer Topshop has highlighted differences between publicity rights in the UK and some US jurisdictions. Rhianna sued Topshop for its sale of a t-shirt bearing a large photograph of her. Rhianna had not approved or endorsed the sale of the t-shirt; rather, an independent photographer had taken the picture and licensed it for use on the shirts.
In the United States, many jurisdictions have laws governing the right of publicity; that is, the right to control the use of your image for commercial gain, or to be compensated for the commercial use of your image. The UK, however, does not have corresponding laws on image rights. Instead, Rhianna had to allege that Topshop engaged in “passing off” the shirts as being endorsed by the singer, thereby damaging her goodwill and business. In support, Rhianna argued that the circumstances of the sale of the shirts were likely to mislead customers into thinking that she had endorsed the product because the photograph was similar to those used in official album promotions, the nature of the shirt itself, and the fact that Topshop is a major and reputable retailer.
The lower court considered Rhianna’s prior connections to the store in considering whether passing off occurred. It noted that Topshop had previously run a competition in which the winner was awarded with a shopping trip to Topshop. Also, only weeks before the shirts went on sale, Topshop tweeted that Rhianna was shopping at one of its locations. Against that background, the court noted that the particular photograph on the shirt could have led her fans to believe that it was associated with the marketing campaign for the album, since the particular hairstyle and scarf worn by Rhianna in the photograph were widely used in a music video and associated publicity.
Ultimately Rhianna’s passing off arguments were successful, and the court granted an injunction prohibiting Topshop from selling the shirts without informing customers that they had not been approved or authorized by Rhianna. However, it is interesting to think what the result might have been in an instance where it was more obvious that Rhianna had not endorsed the product; for instance, if the t-shirts were sold, not through a trusted retailer which has been associated with the singer but instead by an independent seller hawking t-shirts on the street corner. In such circumstances the case in favor of passing off may have been weaker and Rhianna might not have been able to control the use of her image.
In contrast, the outcome under such a scenario might be very different in a state like California, which has strong right of publicity laws. California Civil Code §3344(a) forbids the use of another’s likeness “on or in products, merchandise, or goods, or for purposes of advertising or selling, or soliciting purchases of, products, merchandise, goods or services, without such person’s prior consent…” The law establishes liability $750 or actual damages, whichever is greater, as well as “any profits from the unauthorized use that are attributable to the use and are not taken into account in computing the actual damages.” Punitive damages and attorney’s fees and costs are also available under the statute.
While Rhianna’s victory in UK court does not establish a right of publicity in the country, it does provide an interesting case study in the workarounds that celebrities must use in order to protect their image from being improperly used in jurisdictions which do not have a right of publicity.
Last week, without much attention, four new regulations affecting online gaming operations in New Jersey became effective under the authority of the Division of Gaming Enforcement. The rules include changes to directives on funding from social games, requirements for exclusivity, and operator server locations.
However, the fourth rule is an addition which deals specifically with celebrity endorsements. What is most notable about this tenet is not the content, but the fact that regulators in New Jersey believe that iGaming will soon become an industry that uses celebrities to promote and market itself to consumers.
Because we’re lawyers, here is the actual language of Rule 13:69O-1.4 (u.):
Internet gaming operators may employ celebrity or other players to participate in peer to peer games for advertising or publicity purposes. Such players may have their accounts funded in whole or in part by an Internet gaming operator. An Internet gaming operator may pay a fee to the celebrity player. If a celebrity player is employed and the celebrity player generates winnings which he or she is not permitted to retain, such winnings shall be included as Internet gaming gross revenue in a manner approved by the Division.
It may be argued that the word “celebrity” is being used loosely in this context, as there isn’t exactly a line of blockbuster A-listers or superstar athletes waiting for their chance to be the face of online poker. Yet the addition of this specific provision importantly points to the fact that the Gaming Division not only anticipates a future where iGaming will carry big name endorsers, but that it wants to encourage effective advertising and publicity for the industry, which has had a slow start in its first year since becoming legal in the state.
Regulators looking to update this rule in the future should consider adding language geared toward consumer protection – namely, prohibitions against the use of celebrity endorsements in a deceptive or misleading manner. Last year, the FTC updated its advertising guidelines to account for the use of celebrity endorsements in advertising, specifically in the context of paid social media endorsements. Those guidelines provide, among other things, that celebrity endorsements must be truthful and accurately reflect the opinions of the celebrity, that paid celebrity endorsements must be adequately disclosed, and that the celebrity be a bona fide user of the product or services he/she is endorsing.
These guidelines should equally be applied by regulators in the context of iGaming, where increased competition, as more operators come on board, may lead operators to one up each other by throwing money at celebrities to endorse their games. The key to effective iGaming regulation is not just limited to overseeing how the game is played, but also to ensuring that the operators don’t play games that would unfairly hurt the competition and mislead the playing public. Updating these regulations so they are more inline with the FTC’s advertising guidelines will further these goals.
Online diploma mills, which require little or no coursework to complete a degree have recently garnered much attention within the online education realm. Websites which offer questionable diplomas for hundreds of dollars target vulnerable consumers seeking a degree to improve their life prospects, while simultaneously casting a shadow over legitimate online educational institutions which offer accredited programs and a complete educational experience including coursework, teacher interaction, and grading. In the latest crackdown on online diploma mills, the Federal Trade Commission obtained a temporary restraining order against Diversified Educational Resources, LLC and Motivational Management & Development Services, Ltd., companies which generated millions of dollars by selling worthless high school diplomas to thousands of consumers.
According to the allegations of the FTC’s complaint, the defendants have been operating purported online education sites since 2006, under the names Jefferson High School Online and Enterprise High School Online. The FTC alleges that the websites misleadingly represent that these are accredited schools by saying that the defendants “[p]rovide a respected and recognized high school diploma equivalency program,” that students completing the program will be “high school graduates,” and that the schools are registered with the Florida Department of Education. While the latter statement is technically true, the websites do not reveal that registering with Florida’s School Choice Program does not mean that the programs are accredited but rather, according to the complaint, registration is merely a “ministerial act, based solely on their own self-reported answers to Florida’s annual private school survey” which the Florida Department of Education does not verify. The truth of the accreditation status can only be found buried in dense paragraphs of text, in which the defendants note that they are “actively pursuing accreditation options” although they have not applied for any yet.
Consumers paid $200 to $300 to register on the websites. Those fees did not entitle them to any coursework, education, or test preparation. Rather, customers were immediately prompted to take a “test,” which was nearly impossible to fail because the websites provided hints to ensure that customers passed. After passing the test, customers received diplomas bearing the name “Jefferson High School Online” or “Enterprise High School Online.”
The “diplomas” that the defendants issued to customers were useless, according to the FTC. Many customers learned that their diplomas were invalid after unsuccessfully attempting to use them to apply to jobs, enroll in college, or join the military. Further, unsatisfied customers who sought a refund were refused, according to the FTC. Through this scam, the complaint says, the defendants collected over $11 million since 2009 without providing a real education product or service.
The U.S. District Court for the Southern District of Florida issued a temporary restraining order and asset freeze in response to these allegations, suspending the domain names and prohibiting any material misrepresentations regarding online education. The case remains pending in the Southern District of Florida and the defendants’ responsive pleadings are due in October.
The fact is that social media has connected us to each other in ways which seemed unimaginable only a few decades ago. Take for example the progression of social activism through online fundraising. Over the course of two short months the ALS Ice Bucket Challenge (“IBC”) went viral with millions of videos being posted by people drenching themselves in ice water in order to spread awareness and raise money for the research and treatment of ALS. To date, the total amount of donations made to the ALS Association through the IBC is an unprecedented $114 million. The Association’s FAQs webpage regarding the IBC indicates that this amount is almost five times its annual overall budget.
The ALS Ice Bucket Challenge is also a good example of the online phenomenon of crowdfunding, where numerous individuals and groups pitch in to fund a project, cause or idea. Simply put, crowdfunding is fundraising through social media. There are several popular crowdfunding websites, however one of the most well-known sites is Kickstarter.com, which was launched in 2009, and boasts the facilitation of $1 billion in contributions by seven million backers who have so far funded 69,000 “creative projects” through the site. However, as is common when dealing with new technology, there are often unanticipated legal aspects of such innovation which can be problematic.
Earlier this year, the first crowdfunding consumer protection lawsuit was filed in the state of Washington (State of Washington v. Altius Management, LLC; Edward J. Polchlopek III (No. 14-2-12425-SEA)). In late 2012, defendant Ed Nash, as he is known, and his company Altius Management, were successfully funded through a Kickstarter campaign to produce a limited-edition playing card game called Asylum. According to the campaign page, backers exceeded Nash’s goal of raising $15,000, giving more than $25,000 in total for the promise of the card game to be made. In addition, many of those who funded Nash’s campaign expected certain perks for contributing, referred to by Kickstarter as “rewards,” as was detailed in his campaign’s backer pledge amounts, which included multiple card decks and custom artwork according to varying contribution levels. However, two years later the card game has not been produced, backers have received no rewards or refunds and there has been no communication from Nash regarding the status of the Asylum project since July 2013.
With this being the first case of its kind, there is no precedent to see exactly how these proceedings will develop or how this case will affect Kickstarter and other crowdfunding websites. We suspect it will proceed like many of the other cases we write about in the internet space. One thing is certain, whether they are made online or in person, people don’t like broken promises.
In this health-conscious age, consumers are always on the lookout for new products which will improve wellness and quality of life. Marketers attuned to this trend may be tempted to increase sales by extolling the virtues of their products, even if health claims are unsubstantiated by scientific testing. A recent FTC case, however, demonstrates the price that advertisers pay for overstating health claims.
The FTC filed a case against TriVita Inc., a dietary supplement company, for its marketing of the Nopalea cactus juice drink. The beverage was widely advertised in television infomercials and online as an “anti-inflammatory wellness drink.” Nopalea includes juice from the nopal cactus, also known as the “prickly pear.” TriVita’s “Chief Science Officer” stated that the nopal cactus is proven to reduce inflammation, which he linked to Alzheimer’s disease, allergies, diabetes, and heart disease. TriVita sold each 32-ounce bottle of Nopalea for $39.99, plus shipping and handling.
According to the FTC’s complaint, the Nopalea infomercial was one of the most frequently aired commercials in the United States. The ads stated that the juice would relieve pain, reduce swelling in joints and muscles, and improve breathing. Infomercials featured “customer testimonials” in which individuals stated that Nopalea helped relieve them of symptoms of a wide variety of conditions, including inflammation, chronic pain, respiratory conditions, and skin conditions. However, the FTC alleged that these individuals were paid for their endorsements, a fact not sufficiently disclosed in the advertisements. When customers called the toll-free number advertised, sales representatives told customers that Nopalea would make them “pain-free,” according to the FTC’s complaint. The health representations had not been substantiated with scientific studies at the time they were made.
The FTC filed its complaint and request for permanent injunction on July 10, 2014. On July 11, the FTC filed a stipulated settlement order in which TriVita agreed to forfeit $3.5 million to the FTC. The order prohibits the defendants from marketing Nopal cactus products using unsubstantiated or misleading health claims, and from using paid endorsers unless any material connection between the individual and the company is clearly and prominently disclosed.
The multi-million dollar settlement in this case should serve as a warning to marketers who are tempted to overstate health claims in order to generate traffic and sales. The FTC takes health claims seriously and reviews health-related ads with extra scrutiny, so specific claims should only be made when supported by solid, scientific proof, and any paid testimonials should be clearly disclosed. As the cactus juice company learned, failure to comply with these standards will lead to a prickly situation.
Herbalife Hit with Civil Investigative Demand – Is the FTC Finally Turning up the Heat on Multi-Level Marketers?
For many, the announcement two weeks ago that the Federal Trade Commission has commenced a formal investigation into Herbalife was not terribly interesting. After all, nutritional supplement company Herbalife has been the focus of intermittent media attention since December 2012 when Wall Street hedge fund manager Bill Ackman claimed that it was an illegal pyramid scheme, and its business practices have already drawn the scrutiny of the Securities and Exchange Commission.
On the other hand, because the FTC focuses on deceptive trade practices, its investigation into Herbalife– and the allegation that it constitutes a pyramid scheme – may offer a valuable opportunity for the FTC to clarify its rules on what constitutes a pyramid scheme and what a multi-level marketing (MLM) company can or must do to protect itself from the accusation.
The MLM industry has been an established networking sales model for several decades. The FTC defines “multi-level marketing” as networking that uses individuals to sell products by word of mouth or direct sales where distributors typically earn commissions not only for their own sales, but for sales made by the people they recruit. MLM has become increasingly popular in recent years – and for good reason given that it has become extremely profitable: A 2012 study reported the MLM industry was worth approximately $30 billion.
The sole FTC guidelines for MLM arose from litigation in 1979 when the FTC accused the MLM Amway of operating an illegal pyramid scheme. (Amway ultimately prevailed four years later.) The case gave rise to what is known as the “Amway Safeguard Rules”– a set of rules relating to distributors that Amway had in place that protected itself from the FTC accusation that the company was a pyramid scheme. As described in the administrative law judge’s decision, these three critical criteria provided an “umbrella of legal protection”:
1. Amway required its representatives to engage in retail selling, under the “ten retail customer police,” which appeared in the agreement that representatives signed upon enrollment. This rule required that representatives make 10 sales to retain customers as a qualification for eligibility to receive commission and bonuses on sales/purchases made by other representatives in their personal sales organization.
2. Amway required its representatives to sell a minimum of 70 % of previously purchased products before placing a new order. (Amays’ rules recognize “personal use” for purposes of the 70% rule.)
3. Amway had an official “buy-back” policy for unsold, unopened inventory. This policy had some reasonable restrictions, including a specified maximum length of time since the item was originally purchased by the representative and that the item was still current in the company’s product offerings to consumers. The policy also included a minimal “restocking” fee. (Buy-back policies are significant especially for protection of representatives who choose to terminate their affiliation with a company, and do not want to be “stuck” with unsold inventory.)
By adhering to these rules, MLM companies gain some protection from pyramid scheme accusations. And, aside from a staff advisory opinion in 2004, the FTC has offered little or no further guidance on what it perceives as a pyramid scheme and what companies can or must do to show that their businesses are legitimate and legal.
Will the FTC use the Herbalife investigation to provide greater guidance for MLM companies? To do so would be in the interests of MLM companies, the regulators themselves, and those in the financial services industry who have taken great interest – and large financial positions – in MLM companies.
A California court ruled earlier this month that Overstock must pay a roughly $6.8 million penalty to settle claims that the retailer “routinely and systematically” made false and misleading claims about the prices of its products on its website. If upheld, this ruling could have significant effects on how companies use price comparisons in advertisements in the future.
A group of California District Attorneys sued Overstock in 2010 for $15 million, alleging that Overstock was deceptive in the way it determined and displayed price comparisons on its website. Overstock used a comparative advertising method based on price, which is commonly referred to as “advertised references prices” or “ARPs” that showed the price of a certain product on Overstock compared to the price of the same product from a different retailer. The lawsuit alleged that the ARPs that Overstock used were false or misleading because Overstock employees chose the highest price that they could find as an ARP or constructed ARPs using arbitrary formulas. The lawsuit alleged that as a result of Overstock’s method of constructing its ARPs, its savings comparisons were inflated.
A California state judge’s tentative ruling earlier this month levied civil penalties against Overstock of just over $6.8 million. The court dismissed some of the claims in the lawsuit, but found that Overstock’s pricing comparison violated the state’s laws on unfair competition and false advertising.
The court also issued an injunction that prohibits Overstock from comparison price advertising unless it is done in conformity with a lengthy set of court mandated practices outlined in the opinion. Among those requirements, the court ordered that Overstock explain its pricing more clearly on its website, including a disclosure of how it computes the price comparisons. The ruling also prohibits Overstock from setting average retail prices based on anything other than the actual retail price offered in the marketplace.
Overstock has said that they plan to appeal the court’s ruling by arguing that the court’s decision is misreading California law and is holding the company to a higher standard than other e-commerce sites. If this ruling is upheld, this could have a significant ripple effect on retail advertising for both online and brick-and-mortar businesses. Almost every state has a law regarding deceptive pricing in advertisement, and the Federal Trade Commission also has jurisdiction to pursue claims against deceptive advertising in price comparisons. Companies need to be aware if they are using comparative price advertising that those advertisements, and the formulas for determining the prices on those advertisements, will be scrutinized by government agencies.
As the Federal Trade Commission (“FTC”) continues to flex its consumer protection muscles by bringing numerous administrative lawsuits, industry and members of Congress are questioning whether there is a level playing field that allows companies to properly defend themselves against FTC charges. Or, as some say, does the FTC have the “home court advantage” in its role as investigator and prosecutor, armed with very broad authority under Section 5 of the FTC Act –leaving many companies to decide simply to settle rather than face the Goliath FTC. However, some companies have been bucking that trend recently and challenging the FTC’s authority (particularly in the area of regulating data security and FTC officials’ impartiality.
As background, the FTC may begin an enforcement action if it has “reason” to believe that the FTC Act is being or has been violated. Section 5(a) of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce.” The FTC also enforces several other consumer protection statutes, including the Fair Credit Reporting Act, the Do-Not-Call Implementation Act of 2003, and the Children’s Online Privacy Protection Act.
Under Section 5(b) of the FTC Act, the FTC can challenge “unfair or deceptive acts or practices” or violations of certain other laws (such as those listed above) in an administrative adjudication. The way this works is the FTC issues a complaint putting forth its charges. Many companies faced with such complaints inevitably settle with the FTC, rather than endure an administrative trial. Those companies that contest the charges face a trial-type proceeding before an FTC administrative law judge. FTC staff counsel “prosecute” the complaint. The administrative law judge later issues an initial decision. Either party can appeal the initial decision to the full FTC for review.
Many observers, including the American Bar Association, have criticized this situation — where the FTC acts as both prosecutor and judge — as inherently unfair. After the FTC’s decision, the respondent organization (or individual)may appeal to a federal court of appeals. However, at this point, an extensive record has been made and this assumes an organization or individual has the resources to devote to a federal appeal. (In addition, the FTC can also bring consumer protection enforcement directly in court rather than through administrative litigation).
The FTC’s winning record in these administrative proceedings has many observers questioning the process and the FTC’s potential impartiality. House antitrust chairman Spencer Bachus (R-Ala.) called out the FTC’s apparent lack of impartiality and fairness, stating “ a company might wonder whether it is worth putting up a defense at all.”
Just a couple weeks ago, however, medical testing company LabMD went on the offense and sought the disqualification of an FTC Commissioner. Facing an administrative proceeding relating to its alleged failure to secure patient information data, LabMD moved to disqualify Commissioner Julie Brill from consideration of its case. LabMD claimed that the Commissioner made numerous statements at industry conferences prejudging its ongoing litigation. Specifically, LabMD claimed Brill stated LabMD that had violated the law, rather than indicating that LabMD was under investigation or in litigation. The FTC opposed the disqualification. However, Commissioner Brill voluntarily recused herself from the case on Christmas Eve to avoid “undue distraction” from the administrative litigation.
As the FTC litigates in several key areas – data privacy, financial services, credit repair, telemarketing – we expect administrative litigation will increase in 2014. While some companies will continue to settle to avoid continued litigation expenses and possible further detrimental outcomes, we think others will take the LabMD route and seek relief when they believe the processes are not transparent or the FTC is exceeding its authority.
New year, new resolutions. Yesterday, the FTC announced a resolution of its own: to undertake a nationwide enforcement effort to protect consumers against deceptive weight loss claims. Dubbed “Operation Failed Resolution,” the FTC’s latest enforcement effort seeks to protect consumers who face a barrage of “opportunistic marketers” promising quick ways to shed pounds. According to the FTC, these marketing tactics cause millions of dollars of consumer injuries and encourage people to postpone important changes to diet and exercise.
To announce this new initiative, the FTC held a press conference in which it identified four significant enforcement actions: (1) Sensa – a flavored powder that claims to cause weight loss when sprinkled on food; (2) L’Occitane Inc.– a skin cream that promised to shave inches off consumers’ bodies; (3) HCG Diet Direct – a product based on the human chorionic gonadotropin hormone; and (4) LeanSpa – a dietary supplement. Collectively, these four enforcement actions total $44 million in potential recovery for consumers.
All four enforcement actions shared one common thread – claims of quick and easy weight loss that were not supported by evidence. Many of the ads in question touted substantial weight loss without diet or exercise simply by using the product alone. Although some of these marketers cited clinical studies that supported their claims, the FTC said that the so-called “independent” studies were largely fabricated. The FTC also took issue with consumer endorsements, which failed to disclose that the consumers were paid for their testimonials or that the consumers were related to the owner. The FTC also scrutinized so-called physician endorsements. According to the FTC, marketers failed to disclose that their endorsers were compensated to the tune of $1,000-$5,000 and free trips.
Yesterday’s press conference is not the first time that the FTC has taken action against deceptive weight loss claims. In 2011, we reported on 10 lawsuits filed by the FTC against marketers behind the ubiquitous “1 Tip for a Tiny Belly” ads, which the FTC claimed were a scheme by marketers of diet and weight loss products to grab consumer credit card information and pile on additional, unapproved charges.
Although deceptive weight loss claims are not a new phenomenon, the FTC announced yesterday that it is taking a new approach to cracking down on these types of ads. The FTC is now encouraging media outlets that run these ads to conduct a “gut check” and turn down spots with bogus claims. Yesterday’s press conference was a call to action for both consumers and media outlets to help the FTC track down deceptive weight loss marketers, which can mean only one thing – more widespread enforcement efforts against marketers of dietary supplements. The FTC does not comment on non-public investigations and would not comment on whether these enforcement efforts would result in criminal enforcement from other agencies. One thing is for certain, however: If you make a claim about your weight loss product, you’d better be able to back it up.
ZeroAccess is one of the world’s largest botnets – a network of computers infected with malware to trigger online fraud. Recently, after having eluded investigators for months, ZeroAccess was disrupted by Microsoft and law enforcement agencies.
Earlier this month, armed with a court order and law enforcement help overseas, Microsoft took steps to cut off communication links to the European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Microsoft also took control of 49 domains associated with ZeroAccess. Although Microsoft does not know precisely who is behind ZeroAccess, Microsoft’s civil suit against the operators of ZeroAccess may foreshadow future enforcement efforts against operators alleged to have illegally accessed and overtaken people’s computers.
ZeroAccess, also known as max++ and Sirefef, is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system. Victims’ computers usually fall prey to ZeroAccess as the result of a drive-by download or from the installation of pirated software. Essentially, ZeroAccess hijacks web search results and redirects users to potentially dangerous sites to steal their details. It also generates fraudulent ad clicks on infected computers then claims payouts from duped advertisers.
The Microsoft lawsuit, originally filed under seal in Texas federal court, alleges, among other things, violations of the Computer Fraud and Abuse Act (“CFAA”) (18 U.S.C. §1030), the Electronic Communications Privacy Act (18 U.S.C. §2701), and various trademark violations under the Lanham Act (15 U.S.C. §1114 et seq.). Microsoft secured an injunction blocking all communications between computers in the U.S. and 18 specific IP addresses that had been identified as being associated with the botnet. The company also took control of 49 domains associated with ZeroAccess. Microsoft took action against ZeroAccess in collaboration with Europol’s European Cybercrime Centre, the FBI, and other industry partners. As Microsoft enacted the civil order obtained in its case, Europol coordinated law enforcement agency action in Germany, Latvia, Luxembourg, the Netherlands and Sweden to execute search warrants and seize servers associated with the fraudulent IP addresses operating within Europe.
The federal statutes on which Microsoft relied in its lawsuit may be broad enough to capture the gravamen of the complaint here. For example, the CFAA was enacted in 1986 to protect computers that there was a compelling federal interest to protect, such as those owned by the federal government and certain financial institutions. The CFAA has been amended numerous times since it was enacted to cover a broader range of computer related activities and there has been recent discussion on Capitol Hill of amending it further. The CFAA now prohibits accessing any computer without proper authorization or if it is used in a manner that exceeds the scope of authorized access. The law has faced steep criticism for being overly broad and allowing plaintiffs and prosecutors unfettered discretion by allowing claims based merely on violations of a website’s terms of service. In those cases in which ZeroAccess has accessed a user’s computer entirely without permission, there will likely be no dispute about whether the CFAA applies; however, in any follow-on cases in which the authority to access the computer was less clear, Microsoft may have more difficulty in relying upon this statute.
According to Microsoft, more than 800,000 ZeroAccess-infected computers were active on the internet on any given day as of October of this year. Although the latest action is expected to significantly disrupt ZeroAccess’ operation, Microsoft has not yet been able to identify the individuals behind the botnet, which is still very much intact. Microsoft’s attack is noteworthy in that it represents a rare instance of significant damage being done to a botnet that is controlled via a peer-to-peer system. But ZeroAccess has come back to life once before after an attack on it, and it would not be surprising if it recovered from this attack as well. Unless Microsoft or Europol can identify the “John Does 1-8”referenced in the complaint, this and other botnets will keep on operating without fear of reprisal.
The big question at this point is whether Microsoft’s actions will have an enduring impact beyond ZeroAccess. Will Microsoft’s actions spur other private companies to take steps of their own to stop malicious software? That answer remains to be seen.