Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question regarding Marketscore spyware

From: Mike Iglesias <iglesias () DRACO ACS UCI EDU>
Date: Thu, 2 Dec 2004 08:11:48 -0800
Indiana University has written a good page on it too:
   see http://kb.indiana.edu/data/apnh.html
they did two things: redirect the DNS name resolutions for the marketscore
servers from campus users toward a security page that told them they'd been
owned and how to remove it.  also used netflow to identify the affected users
and made sure they were contacted.  I don't work for the security office so
don't know more details, but it seems to have been an effective and justified
approach.


This is what we did back in mid October.  Requests for any host in
marketscore.com get back the IP address of a system on campus that
gives them a web page detailing what has happened and what they
need to do to fix it.

You can see the web page at http://poisondns.nacs.uci.edu


Mike Iglesias                          Email:       iglesias () draco acs uci edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: