I originally published this blog at: http://community.ca.com/blogs/securityadvisor
Published: December 21 2007, 02:11 PM by Benjamin Googins
CA Spyware Scorecard
Some people have asked me what criteria of the CA Anti-Spyware Scorecard the Sears proxy software violates. Here are the clearest violations:
- Installs itself or any other item without clear notice to user and obtaining user permission at time of installation
- Without obtaining user permission, takes the following action: Proxies, redirects or relays the user’s network traffic or modifies the networking stack to send traffic through a third-party server
- Transmits User Data without clear notice to the user and obtaining user permission
Proxy's Genetic Heritage
As I mentioned yesterday, the Sears proxy software is similar to other software CA Anti-Spyware detects by the names Netsetter, MarketScore (and lots of variants), RelevantKnowledge and InternetAccelerator. This software is all related and shows signs that it was created by the same group. All of these company and product names appear to be predecessors of present-day comScore, the registrant of the domains to which the data intercepted by the Sears proxy is sent. CA Anti-Spyware detects this new software as the Sears.com proxy. When I analyzed the binary code, I found that it has similarities to the software mentioned above. Using the program PEEK, I could see, in plain ASCII characters, long strings that were used by RelevantKnowledge and Netsetter. For example, the following strings (which appear to be registry keys) are present:
- SOFTWARE\Relevant Knowledge\
- Internet Accelerator
In addition, from a behavior standpoint, the Sears proxy operates similarly to the old software. The network traffic going to comScore, the binaries looking similar to other comScore binaries, and the similar overall behavior lead me to believe the Sears proxy is directly related to Netsetter, MarketScore, Internet Accelerator and RelevantKnowledge.
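The string check described above can be reproduced with a short script. This is an added example, not code from the original post or from CA's product: it reports where the two strings quoted above occur in a byte buffer, and it goes slightly beyond the post by also scanning UTF-16LE text, which Windows binaries commonly use. The function names, the minimum run length and the sample bytes are assumptions made for the illustration.

```python
import re

# The two marker strings quoted in the post.
MARKERS = ["SOFTWARE\\Relevant Knowledge\\", "Internet Accelerator"]
MIN_LEN = 6  # assumed minimum run length; shorter runs are mostly noise

# Runs of printable ASCII, and the same characters stored as UTF-16LE
# (each byte followed by NUL), which Windows binaries commonly use.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data):
    """Yield (offset, encoding, text) for each printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def find_markers(data, markers=MARKERS):
    """Return sorted (offset, encoding, marker) hits, case-insensitive."""
    hits = []
    for offset, encoding, text in extract_strings(data):
        lowered = text.lower()
        for marker in markers:
            pos = lowered.find(marker.lower())
            if pos != -1:
                # Report where the marker itself starts, not the run.
                width = 2 if encoding == "utf-16le" else 1
                hits.append((offset + pos * width, encoding, marker))
    return sorted(hits)


# Constructed bytes standing in for a binary; not taken from a real sample.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"cfg=SOFTWARE\\Relevant Knowledge\\\x00\x01\x02"
    + "Internet Accelerator".encode("utf-16le") + b"\x00\x00"
    + b"\xff\xfekernel32.dll\x00"
)

if __name__ == "__main__":
    for offset, encoding, marker in find_markers(SAMPLE):
        print(f"0x{offset:04x}  {encoding:8}  {marker}")
```

A hit on these strings only shows shared text between binaries; as in the post, it is one piece of evidence to weigh alongside network behavior.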
Note: all other aspects of yesterday’s blog remain unchanged. Highlights:
- The proxy remains a significant threat to privacy
- Both form data and proxy data are sent to a third party, comScore
- Sears says all data resides on a ‘confidential database’ owned by myshccommunity.com (domain registered to Sears), but when I analyze network traffic, it is sent to a domain registered to comScore
- Lack of prominent notice
By: Benjamin Googins
Benjamin Googins is a senior engineer working on CA’s Anti-Spyware product. His primary functions include analyzing spyware and privacy breaches, fielding press inquiries, blogging and drafting documents. He has been a significant contributor to the User Permission document, Spyware Scorecard, Threat…
5 people have left comments:
Pingback from Sears.com: Join the Community – Get Spyware – CA Security Advisor Research Blog – CA
Posted by: Sears.com: Join the Community – Get Spyware – CA Security Advisor Research Blog – CA, December 21, 2007 2:38 PM
Earlier today comments were submitted by Rob Harles, VP SHC Community, to my original blog posting titled
Posted by: CA Security Advisor Research Blog, December 22, 2007 1:03 AM
On December 29, Rob Harles, the SVP for Sears’ SHC, submitted a comment to my post titled: ”
Posted by: CA Security Advisor Research Blog, January 2, 2008 6:38 PM
It is things like that that make me wonder why anyone continues to use an operating system that is so insecure as to allow this.
And why do they not TURN OFF the “Allow websites to install software”?
10 years with zero malware problems simply by NOT using Windows.
[ GNU-Linux only for that time ]
On the other hand, if people were using anything but Windows and not running as ADMINISTRATOR in it, then we would never find out exactly how CORRUPT the people running sites like the SHC community are.
Just means I’ll not be shopping at Sears, Kmart or Lands’ End, either in person or online.
They want to be criminals, they can lose my patronage.
Posted by: Jaqui, January 9, 2008 2:38 PM
Boycotting a company due to their unethical behaviour, violation of trust, or complete disregard for human decency is a venerable and effective strategy. The important thing is to let the leaders of the company know that you’re taking your business elsewhere, and why. If you just quit shopping at Sears no one will know why. Those in charge will ascribe any drop in business to everything other than their own behaviour and policies. Tell them good-bye, make it explicit, rub their noses in it. A clear connection between their corporate policies and losing you as a customer is the only way a boycott can be effective.
Posted by: Phread, February 6, 2008 5:11 PM