Sears Holdings was busted for using sophisticated spyware on some of its e-commerce sites. Now Bruce Schneier wonders if it is criminal behavior.

At the least, the concept of altering your privacy policy based on whether some desktop software is present is worthy of one gigantic class action lawsuit. How the surreptitiously installed software actually got a hold of users’ banking data is another matter altogether.

UPDATE: A glaring lack of security. A twelve year old script kiddie could have done a better job.

Bringing new meaning to spyware.

It is the last day of 2006. What better time for predictions…

From the experts:

• The security threats that will bind us in 2007

• If you are more inclined to make (or lose) money next year, here’s “the take” from the Washington Post

Spamroll says:

• Spam will not end in late January (and Bill Gates will remain mum thereafter)

• Some spyware companies will be getting sued again by February, while the rest change their company name
• The government will quit buying consumer data in March, after determining that who is buying TMX Elmo is in no way correlated with who has a tendency to be a terrorist
• Everyone will be backing up their hard drives by April, but only if external hard drives are free
• They’ll be encrypting them by May, because everyone will be running hacked versions of Vista
• We’ll all take the summer off, since phishers already do
• Back-to-school will piss off millions of children, and not much else
• October will be much like September
• Telcos will implement IPv6 for Thanksgiving, and everyone on the internet will know who everyone else is, once and for all (with the exception of MacBook Pro users, which are already being tracked via heatsink)
• We’ll get a ton of self-serving predictions for 2008, a week early at Christmas

Happy New Year!

UPDATE: Sarcasm does work - someone is thinking about backup.

Zango, the spyware company formerly known as 180Solutions (you know, the company that is in a perpetual turnaround), was lucky enough to have the class action lawsuit against them dismissed. Lucky.

Just yesterday, the FTC announced they had just bagged another spyware company, forcing a $2MM fine down their throats.

Sooner or later, Zango’s (or maybe their name will be Zoonga, Dango, or 270omission by then) luck is going to run out.

Someday we’ll have interactive, electronic paper, and when your wife or girlfriend isn’t looking you’ll be able to steal her Victoria’s Secret catalog and catch a few jollies. The only risk will be getting caught (if you consider that a risk). Until then, it’s just a computer and spyware thing you have to worry about.

I haven’t heard if anyone figured out whether social networking sites like MySpace were using spyware to supplement their growth. No matter - outsiders are, though embedded videos in fake profiles.

I wonder how many of MySpace’s profiles are being used for this kind of stuff - I suspect quite a few. Nevertheless, those astrophysics Ph.D. pursuing cover girls are probably getting the best of a few suckers right about now.

***UPDATE***

TechCrunch thinks MySpace might be extended guilt by association.

BusinessWeek, in cooperation with MSNBC, is running a comprehensive story on DirectRevenue - you know, the spyware company that infects its own investors. Worth a read, if you have a decent amount of time (it’s fairly long).

A while back, someone noted that Steve Ballmer had a bit of trouble getting bugs off a Windows machine. Actually, it wasn’t a bit of trouble - it turned out a struggle.

No matter. The investors in spyware company DirectRevenue had the same problem.

You reap what you sow.

So I have been lazy lately - or is that busy - I can’t tell which. First report - Sophos’s Top Ten malware threats for April 2006; second up - MXLogic’s latest on email worms and viruses.

The Spamroll summary - Netsky rules, and email worms need less interesting names. Needless to say, these threat games are more than about fun - the perpetrators are focusing in on pay days.

Webroot recently reported a dramatic rise in spyware incidents, most of it targeting financial data. While the company’s report may be biased, the fact that spyware has roots in commercial enterprised (i.e. adware) means there are more people working on the stuff. The fact that viruses are generally individual endeavors means they will take a back seat.

But why all the extra attention? Well, if you are going out looking for internet users to scam, would you rather target the educated (and protected), or the clueless?