Sears "spies on customers"

INSECURITY outfit CA Security is warning punters not to join shopping giant Sears' SHC community.

If you visit Sears.com and Kmart.com you get the chance to join something called My SHC Community and to download some software to aid in 'community participation'.

CA claims that the software acts as a proxy to every web transaction made on the compromised computer. In short it is spyware that tracks all Internet usage, including banking logins, and email.

All data transmitted to and from a system is intercepted. The spyware has been identified as a variation of MarketScore which is spyware that is found by CA's products.

A compromised system will monitors and transmits a copy of all Internet traffic. It will monitors secure sessions which may include shopping or banking sites. For some reason it will records and transmit "the pace and style with which you enter information online and snuffle the header section of personal emails.

It has the ability to combine any data intercepted with credit information.

The data was not even being sent to Sears, but a domain called oss-content.securestudies.com with the IP address 209.247.230.166. The owner of this site is none other than comScore which is an internet marketing research outfit.

More here. µ