Serve with integrity. Care about those you serve. Share the love in your heart & soul.

Thursday, February 21, 2008

#379 Sears Installed Spyware Caution

This information was attached to an email from a friend of mine. Apparently someone at a military installation discovered this situation and passed it on to others with the suggestion to pass it on. I did some searching at snopes.com with no hits. However, upon checking out the links listed, they did take me to the web sites that discussed the issue. I provide this for your information. You be the judge.

Sears.com is distributing spyware that tracks all of a customer's Internet usage, including banking logins, account numbers, PINs, and passwords. Every Web site visitor who joins the Sears community installs software that acts as a proxy to every Web transaction made on the compromised computer. In other words, if you have installed Sears software (created a profile at Sears.com) on your system, all data transmitted to and from your system will be intercepted.

Sears claims the practice is above board and covered in its end user license agreement, but security experts say the license agreement language is vague at best.

Below is an excerpt from their license agreement:

What information do we share and with whom?

Sears.com does not rent or sell customer information to outside marketers. We may share your information (as described above) with members of the Sears family of businesses to provide you with products or services that you have requested or to provide you with promotional offers that we believe will be of interest to you. The Sears family of businesses includes all Sears affiliates as well as other selected businesses with which Sears has a relationship and which have agreed to adhere to our strict standards for providing quality products and services, responding to your needs, and protecting Sears' customer information.

They neglect to tell you that one of the “businesses with which Sears has a relationship” is ComScore.

When network traffic is analyzed on a known compromised machine, all data is actually transmitted to the domain oss-content.securestudies.com (IP address: 209.247.230.166). The current registrant of the domain securestudies.com is not Sears but comScore. comScore is a market research company, and data is being sent to comScore without any mention of this in the Sears privacy policy.

If you wish to read anything further I have provided the Web links below:

http://www.eweek.com/c/a/Retail/Sears-Christmas-Spyware-Surprise/

http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-join-the-community-get-spyware.aspx

The link below gives removal instructions.

http://ca.com/us/securityadvisor/pest/pest.aspx?id=453122717#section7

Back in December I sent out information on how one could download Symantec’s version of anti-virus and anti-spyware software. I am including the link in this email once more. Simply copy all the files in this directory to a CD.

Bottom line, if you have visited Sears within the last few months do not perform any on-line transactions until you are assured that the spyware has been removed.
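
The traffic observation above (data going to oss-content.securestudies.com, IP address 209.247.230.166) can be checked against a proxy or DNS log. This is an added example, not part of the forwarded email or the linked articles; the log format and the sample lines are constructed, and only the domain and IP address come from the post.

```python
import ipaddress
from collections import defaultdict

# Indicators quoted in the post above.
WATCH_DOMAIN = "securestudies.com"
WATCH_IP = ipaddress.ip_address("209.247.230.166")

# Constructed sample log; assumed format: "<time> <client> <method> <host[:port]>"
SAMPLE_LOG = """\
2008-02-21T09:14:02 10.0.0.15 CONNECT oss-content.securestudies.com:443
2008-02-21T09:14:05 10.0.0.15 GET www.sears.com:80
2008-02-21T09:15:40 10.0.0.22 GET 209.247.230.166:80
2008-02-21T09:16:11 10.0.0.22 GET OSS-CONTENT.SECURESTUDIES.COM:80
2008-02-21T09:17:30 10.0.0.31 GET notsecurestudies.com:80
2008-02-21T09:17:31 10.0.0.31 CONNECT securestudies.com.example.net:443
truncated line
"""

def matches_indicator(dest):
    """True if dest (host or host:port) is the watched IP or under the watched domain."""
    host = dest.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name  # drop the port
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    try:
        return ipaddress.ip_address(host) == WATCH_IP
    except ValueError:
        pass  # not an IP literal, fall through to the domain check
    # Match on a label boundary so "notsecurestudies.com" and
    # "securestudies.com.example.net" do not count as hits.
    return host == WATCH_DOMAIN or host.endswith("." + WATCH_DOMAIN)

def scan(log_text):
    """Return {client_ip: [matching destinations]} for the log text."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        client, dest = fields[1], fields[3]
        if matches_indicator(dest):
            hits[client].append(dest)
    return dict(hits)

if __name__ == "__main__":
    for client, dests in sorted(scan(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(dests))
```

Any client that shows up in the result is a machine worth checking with the removal instructions linked above.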


3 comments:

Skunkfeathers said...

*whew*...man, talk about heart failure as a result of not enough coffee before blog-surfing! I thought I just read that Britney Spears was tracking anyone who'd been to a website tattling on her bizarre behavior. Just what I need, a psycho blonde bimbette tracking me, what with all the psycho scam buffoons I'm tweaking now. But it's only Sears?

The Phosgene Kid said...

Do they send Ty Pennington to the bank to clean out your account?

I build my own PCs and load my own software - install some good anti-virus, firewall and spy tracker software, run scans often and you won't have any troubles.

Karen said...

Thanks for the thumbs up, Jack!