Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question regarding Marketscore spyware

From: Joseph Karam <jkaram () HAMILTON EDU>
Date: Fri, 3 Dec 2004 15:12:07 -0500
Hi Security Listserv people,

First, thanks for all this valuable information.  For us slower types out
here, I have a few more questions.

We setup a test machine here in our ITS area with the marketscore software.
I then put blocks in place on our campus firewall to block that computer
from connecting to the various IP addresses Marketscore uses.  On the client
side, we found that normal web browsing (http) still worked fine with the
blocks in place, but https secure connections broke.  On the firewall, we
confirmed that I was denying a whole lot of attempts to access the
marketscore sites.

My questions are:

1)  Is this behavior consistent with what others are seeing?  From the
previous posts I think we are seeing things properly.

2)  I am still wondering how you all are re-directing people to a particular
web site if they are infected.  Do you setup static routes on your internal
router to point the marketscore addresses to an internal web page with the
remediation instructions?

3)  I'm assuming that if I just put blocks in place to prevent people from
accessing these sites, then we would just get a bunch of calls from people
having problems using https?  Is this what others see?

Thanks for your help-

Joe Karam
Director, Network and Telecommunications Services
Information Technology Services
Hamilton College
198 College Hill Road
Clinton, NY 13323
Phone: 315-859-4167 Fax: 315-859-4185
jkaram () hamilton edu
http://onthehill.hamilton.edu/college/its/network_services/

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.
Previous By Date Next
Previous By Thread Next

Current thread: