Educause Security Discussion mailing list archives
Re: Question regarding Marketscore spyware
From: Brent Sweeny <sweeny () INDIANA EDU>
Date: Wed, 1 Dec 2004 22:47:03 -0500
Indiana University has written a good page on it too: see http://kb.indiana.edu/data/apnh.html they did two things: redirect the DNS name resolutions for the marketscore servers from campus users toward a security page that told them they'd been owned and how to remove it. also used netflow to identify the affected users and made sure they were contacted. I don't work for the security office so don't know more details, but it seems to have been an effective and justified approach. On Wed, Dec 01, 2004 at 10:26:57PM -0500, Gary Flynn wrote:
Jason Richardson wrote:Hi all, I just read an article about the threat that this flavor of spyware poses to edus and that several, including those represented by frequent posters here and on Unisog, have blocked all access to/from their networks. Has anyone else had any experience with it? We have not (yet) to the best of my knowledge. Here's the story - http://www.pcworld.com/news/article/0,aid,118757,tk,dn120104X,00.asp.Its the first I've heard about it but the press seems to be picking it up as someone else just asked me about it. It doesn't appear to be anything new. I've seen posts about it that date back to 2001. University of Minnesota's web page on the subject says the page was last updated in 2003. http://www1.umn.edu/oit/security/marketscore.html I'd think a commercial venture that was man-in-the-middling SSL protected sessions would end up in court pretty quick but maybe their privacy policy discloses this and thereby the person turning their computer over to this unknown code is making a responsible, informed decision. Hey, I have this neat screen saver that works real well with it too.... ;) XP's software restrictions feature looks more and more attractive. A quick Google search makes me think Adaware and Spybot both detect it. If some of those folks blocking the servers would provide an IP address list and/or their domain naming scheme I'm sure I'm not the only one here that would appreciate it. TIA. Gary Flynn Security Engineer James Madison University
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Question regarding Marketscore spyware Jason Richardson (Dec 01)
- <Possible follow-ups>
- Re: Question regarding Marketscore spyware Joel Rosenblatt (Dec 01)
- Re: Question regarding Marketscore spyware Gary Flynn (Dec 01)
- Re: Question regarding Marketscore spyware Gary Flynn (Dec 01)
- Re: Question regarding Marketscore spyware Brent Sweeny (Dec 01)
- Re: Question regarding Marketscore spyware Gary Dobbins (Dec 02)
- Re: Question regarding Marketscore spyware Steele, John E. (Dec 02)
- Re: Question regarding Marketscore spyware Lutzen, Karl F. (Dec 02)
- Re: Question regarding Marketscore spyware Gary Flynn (Dec 02)
- Re: Question regarding Marketscore spyware Joel Rosenblatt (Dec 02)
- Re: Question regarding Marketscore spyware Dave Monnier, IT Security Office, Indiana University (Dec 02)
- Re: Question regarding Marketscore spyware rwatts (Dec 02)
- Re: Question regarding Marketscore spyware Mike Iglesias (Dec 02)
- Re: Question regarding Marketscore spyware Schultz, Stephen (Dec 02)
- Re: Question regarding Marketscore spyware Joel Rosenblatt (Dec 02)
(Thread continues...)