I wonder how many people using Windows have been bitten by this new spyware, as related by the Computer Associates Security Advisor Blog ?
Sears.com is distributing spyware that tracks all your Internet usage – including banking logins, email, and all other forms of Internet usage – all in the name of “community participation.” Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software (“the proxy”) on your system, all data transmitted to and from your system will be intercepted.
The mention of “banking logins” is to get your attention, because as this apparently hoovers up all your traffic it will get whatever you do, presumably including credit cards, etc.
They also have an interesting take on how to do privacy policies:
What I have come to learn is that if you navigate to http://www.myshccommunity.com/Privacy.aspx you could actually get one of two policies. […] If you access that URL with a machine compromised by the Sears proxy software, you will get the policy with direct language (like “monitors all Internet behavior”). If you access the policy using an uncompromised system, you will get the toned down version (like “provide superior service”). Both policies share the same URL and same look and feel – coloring, page layout, Kmart and Sears branding, etc.
In other words they have a policy that implies that it’s inoccuous prior to installation, which then springs into sharp relief once you’ve crossed the Rubicon and installed their spyware – nice touch!