Educause Security Discussion mailing list archives
Re: Question regarding Marketscore spyware
From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Fri, 3 Dec 2004 14:14:32 -0600
Joseph Karam wrote on Fri, 2004-12-03 at 15:12:07 -0500...
1) Is this behavior consistent with what others are seeing? From the previous posts I think we are seeing things properly.
Yes.
2) I am still wondering how you all are re-directing people to a particular web site if they are infected. Do you setup static routes on your internal router to point the marketscore addresses to an internal web page with the remediation instructions?
Poison your DNS cache's to reply with a local address; then put a webserver at that location. -- Eric Pancer :.: Computer Security Response Team :.: DePaul University http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Question regarding Marketscore spyware, (continued)
- Re: Question regarding Marketscore spyware rwatts (Dec 02)
- Re: Question regarding Marketscore spyware Mike Iglesias (Dec 02)
- Re: Question regarding Marketscore spyware Schultz, Stephen (Dec 02)
- Re: Question regarding Marketscore spyware Joel Rosenblatt (Dec 02)
- Re: Question regarding Marketscore spyware Jeff Kell (Dec 02)
- Re: Question regarding Marketscore spyware Tom Klimek (Dec 02)
- Re: Question regarding Marketscore spyware Gary Dobbins (Dec 02)
- Re: Question regarding Marketscore spyware Scholz, Greg (Dec 02)
- Re: Question regarding Marketscore spyware Chris Allison (Dec 03)
- Re: Question regarding Marketscore spyware Joseph Karam (Dec 03)
- Re: Question regarding Marketscore spyware Eric Pancer (Dec 03)
- Re: Question regarding Marketscore spyware Skrdla, David (Dec 06)
- Re: Question regarding Marketscore spyware Skrdla, David (Dec 21)