Educause Security Discussion mailing list archives

Re: Question regarding Marketscore spyware


From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 1 Dec 2004 21:53:32 -0500

Yes .. we have lots of experience.  We are blocking access to our most
sensitive application.  Access to other applications that require
authentication is being logged and an email is being sent to the user with
the time and date of the access.  We are asking them to remove the
Marketscore software if they are accessing confidential data since this
constitutes a violation of university policy.  The interesting thing is
that many people are using computers in semi-public areas to check their
email and we are finding Marketscore installed on them.

Below is a copy of the email we are sending ... the <records> is being
filled in with all of the accesses from a Marketscore proxy server.

=================================================================================
A security scan (**see below) of access to Columbia's online
systems shows that you have installed network software that
CAPTURES YOUR CONFIDENTIAL INFORMATION.

The dates and times you used this service to reach Columbia are
listed at the end of this message.

You may have installed the software by clicking on an offer of
"Faster Surfing at No Cost," "Free Internet Accelerator," "Defend
Against Email Viruses," "Win Luxury Prizes," or "Join Our
Exclusive Panel of Law Students."

The system capturing your information is run by Marketscore.com
and operates under other names like jdcouncil.org.

By agreeing to install the software and use their service, you
allow Marketscore to see the information you send over the Internet.
Depending on the online services you use, this can include

* Credit card numbers,
* Banking information,
* Products purchased and prices paid,
* Prescriptions ordered, and so on.

This information is visible to Marketscore even when you use
secure connections and the lock on your browser is closed.

While we do not believe that Marketscore will use your
information in any way not described in their Terms and
Conditions and Privacy Policy (which can be seen at
marketscore.com), we strongly recommend removing the software.

NOTE: If you use University systems to display confidential
information for others, such as employment or pay records,
grades, or similar data, you MUST IMMEDIATELY REMOVE the software
from any computer that you use to access such information.  Such
access is a violation of University policy.

REMOVAL: If you wish to remove this service, please copy and
paste this link into your browser and follow the instructions:

www.columbia.edu/acis/security/howto/remove/marketscore.html

**The scan does not look at the contents of your computer, transmissions,
or email.  It only records that a connection was made via the service
that captures your information.  The security scan is part of the
University's information security initiative.

DATES & TIMES: The log shows that you used Marketscore at these times:

<RECORDS>

AcIS Security Group
security () columbia edu

=============================================================================
IHTH

Joel Rosenblatt

Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

--On Wednesday, December 01, 2004 5:26 PM -0600 Jason Richardson
<A00JER2 () WPO CSO NIU EDU> wrote:

Hi all, I just read an article about the threat that this flavor of
spyware poses to edus and that several, including those represented by
frequent posters here and on Unisog, have blocked all access to/from
their networks.  Has anyone else had any experience with it?  We have
not (yet) to the best of my knowledge.  Here's the story -
http://www.pcworld.com/news/article/0,aid,118757,tk,dn120104X,00.asp.

TIA,

---
Jason Richardson
Manager, IT Security and Client Development

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
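
The log-and-notify process described in the message above, as an added example that is not part of the original post and is not Columbia's code: it finds authenticated accesses arriving from listed proxy networks, groups them by user, and fills the <RECORDS> placeholder of the notice. The log format, the function names and the proxy networks (RFC 5737 documentation ranges used as placeholders) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Placeholder networks (RFC 5737 documentation ranges), NOT real Marketscore
# proxy addresses; substitute the ranges your site has identified.
PROXY_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample log; assumed format: "<timestamp> <client IP> <user> <application>"
SAMPLE_LOG = """\
2004-12-01T09:14:02 192.0.2.17 abc123 webmail
2004-12-01T09:20:45 203.0.113.8 abc123 webmail
2004-12-01T10:02:11 198.51.100.90 xyz789 grades
2004-12-01T10:05:00 198.51.100.200 xyz789 grades
2004-12-01T11:30:29 192.0.2.17 abc123 payroll
malformed line
2004-12-01T12:00:00 not-an-ip qrs456 webmail
"""

def via_proxy(ip_text):
    """True if the address parses and falls inside a listed proxy network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address: never treated as a match
    return any(ip in net for net in PROXY_NETS)

def proxy_accesses(log_text):
    """Group proxy-sourced accesses by authenticated user, skipping bad lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # wrong field count: ignore rather than guess
        timestamp, ip_text, user, app = fields
        if via_proxy(ip_text):
            hits[user].append((timestamp, app))
    return dict(hits)

def fill_records(template, accesses):
    """Substitute the <RECORDS> placeholder with one line per access."""
    records = "\n".join(f"{ts}  {app}" for ts, app in sorted(accesses))
    return template.replace("<RECORDS>", records)

if __name__ == "__main__":
    template = ("DATES & TIMES: The log shows that you used Marketscore "
                "at these times:\n\n<RECORDS>\n")
    for user, accesses in proxy_accesses(SAMPLE_LOG).items():
        print(f"--- notice for {user} ---")
        print(fill_records(template, accesses))
```

Only the timestamp and application name are recorded per access, matching the notice's statement that the scan records that a connection was made rather than its contents.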
