Educause Security Discussion mailing list archives

Marketscore proxies...

From: Jeff Kell <jeff-kell () UTC EDU>
Date: Tue, 12 Jan 2010 11:46:53 -0500
Marketscore proxy agents...

rxm715 172.20.85.229 00:1D:09:C8:E8:8A  PCP-3000-IDF-1-3 Fa0/44 { 3413B
}  Bryan-Brahan () utc edu

 <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_a> Signature >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_a> Classification >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_a> Total # >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_a> First >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_a> Last >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_d>

ET USER_AGENTS MarketScore.com Spyware User Configuration and Setup
Access  policy-violation        1
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1844&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-12 00:36:48     2010-01-12 00:36:48
SPYWARE-PUT Hijacker marketscore runtime detection      misc-activity   46
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=304&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-05 22:17:23     2010-01-12 00:36:48
SPYWARE-PUT Trackware relevantknowledge runtime detection
successful-recon-limited        46
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1155&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-05 22:49:53     2010-01-12 16:39:43
ET MALWARE MarketScore.com Spyware Proxied Traffic      policy-violation        12
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=934&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-11 20:25:56     2010-01-12 16:39:43



mvx421 172.20.67.127 00:14:22:AF:EF:52  NVH-CM-3 Fa0/12 { 423DD }
Shaundella-Dowdell () utc edu

 <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_a> Signature >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_a> Classification >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_a> Total # >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_a> First >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_a> Last >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_d>

SPYWARE-PUT Hijacker marketscore runtime detection      misc-activity   7
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=304&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-06 15:02:17     2010-01-12 00:46:28
ET USER_AGENTS MarketScore.com Spyware User Configuration and Setup
Access  policy-violation        5
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1844&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-12 00:46:28     2010-01-12 00:46:55
ET MALWARE MarketScore.com Spyware Proxied Traffic      policy-violation        20
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=934&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-11 22:34:22     2010-01-12 10:55:04
SPYWARE-PUT Trackware relevantknowledge runtime detection
successful-recon-limited        74
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1155&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-06 15:01:56     2010-01-12 12:35:04



qpx236 172.20.81.12 00:23:AE:39:AB:F5  PCP-3000-IDF-2-1 Fa0/9 { 3221D }
Mallory-Morton () utc edu

 <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_a> Signature >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=sig_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_a> Classification >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=class_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_a> Total # >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=occur_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_a> First >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=first_d>
         <
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_a> Last >
<https://taran.utc.edu/BASE/base_stat_alerts.php?caller=&sort_order=last_d>

SPYWARE-PUT Hijacker marketscore runtime detection      misc-activity   22
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=304&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-08 19:30:35     2010-01-12 05:14:27
ET MALWARE MarketScore.com Spyware Proxied Traffic      policy-violation        36
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=934&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-11 19:31:48     2010-01-12 05:14:27
SPYWARE-PUT Trackware relevantknowledge runtime detection
successful-recon-limited        19
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1155&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-08 19:30:30     2010-01-12 05:14:27
ET USER_AGENTS MarketScore.com Spyware User Configuration and Setup
Access  policy-violation        3
<https://taran.utc.edu/BASE/base_qry_main.php?new=1amp;&sig%5B0%5D=%3D&sig%5B1%5D=1844&sig_type=1&submit=Query+DB&num_result_rows=-1>(0%)
        2010-01-11 19:47:28     2010-01-12 05:14:27



Disabling.

Jeff
Current thread:

Marketscore proxies... Jeff Kell (Jan 12)
- <Possible follow-ups>
- Re: Marketscore proxies... Jeff Kell (Jan 12)
- Re: Marketscore proxies... Ken Connelly (Jan 12)
- Re: Marketscore proxies... Jeff Kell (Jan 12)