A spyware program purporting to accelerate Web browsing has a number of American college campuses rattled because the spyware in question is believed capable of intercepting a broad range of sensitive personal information.
Known as Marketscore, and having the same mailing address as online behavior tracking company comScore Networks, several campus security experts have told reporters it actually routes user traffic through its own network of servers and thus poses a user privacy threat. And it is said to come bundled with the iMesh peer-to-peer program, a program gaining in campus usage.
Boston College computer security director David Escalante said Marketscore may hae infected anywhere from a handful of systems to as many as two hundred on a given large campus network, according to his earliest analysis of the budding plague.
Columbia University’s Web site is offering an advisory for computer owners/users on campus to remove Marketscore. The site says that the operating system variant of Marketscore can modify e-mal messages you get or Web pages you visit to monitor and record any response you give to advertisements it inserts and then send data back to a controlling server.
“While MarketScore has in place a user information privacy policy, such terms are easily changed and users have no guarantee that MarketScore, or any subsequent owner of the MarketScore database and server system, will not in the future alter such privacy terms in order to make additional and more intrusive use of collected data,” said a statement from Penn State University. “Moreover, the addition of an extra server connection, and the necessary log of user traffic created by MarketScore in order to prepare and sell their aggregated data reports, increases the potential for user data piracy by third parties.”
Penn State said Marketscore can get to your user names, passwords, credit card numbers, personal identification numbers, bank and purchase transactions, and other confidential personal financial information.
“[A] number of systems on campus running Microsoft Windows have been infected with spyware distributed by a company called MarketScore,” said a statement from the University of California at Riverside, which said the program can even let your traffic be sent through its own servers and let it see any information you send or receive even if it’s protected during an HTTPS secure session using Secure Sockets Layer encryption.
UC-Riverside added that they’ve blocked connections from its networks to Marketscore home servers, a move likely to be taken up by other infected campuses. “If your ability to view Web pages on the Internet has stopped, it may be because you were infected with this spyware,” the UC-Riverside statement added. “In this case, you would still be able to use other Internet services, such as e-mail.”
ComScore Networks thus far is declining comment on the Marketscore question. Company spokesmen were unavailable for comment when reached by AVNOnline.com. But other security analysts have said Marketscore may be the newest version of a spyware known as Netsetter, first showing up in January and able to take all your Web traffic and force it through Netsetter proxy servers.
The program theoretically speeds up Web browsing because pages cached on its servers load up quicker than they would if you got them from Google or Yahoo, the analysts noted, but the actual performance benefits are believed to be dubious at best.
One published report said that it’s one thing for legal software programs to claim improved Web browsing but something else for Marketscore to create its own trusted certification authority on computers it joins… because that authority, analysts have said, cuts off Web communications secured with SSL – including passwords and financial information – decrypts it, and sends it to Marketscore servers before re-encrypting it to send to a final destination.
The good news, if you can call it that, is that Marketscore will tell you what it does when you install it and can be uninstalled easily enough with its own program. Nor does it hijack browser home pages, flood you with popups, or hide itself the way other spyware does. And it is removable through current versions of free anti-spyware programs Spybot Search and Destroy and Ad-Aware.
Unfortunately, it also likes to present itself as an e-mail protection service as well, saying those who use Marketscore get Symantec Corp.’s CarrierScan Server anti-virus technology at no charge. The problem is, that connection is news to Symantec, which has no tie to Marketscore, considers the program nothing but spyware, wants nothing to do with those who make spyware, and is pondering whether to take legal action against the program to get its makers to knock it off with using Symantec’s name and logo.
Spywareguide.com describes Marketscore as “generic malware” that “runs at startup to ensure all your web connections are routed through MarketScore's proxies. (We did not observe any significant speedup from using the service.)” The site added that the small print of the Marketscore agreement all but acknowledges the program can log all your surfing traffic, and adds that it’s one thing for Marketscore to include an uninstall feature but something else for the feature to be hidden.
The iMesh Web site says nothing about Marketscore specifically. Its privacy statement says that iMesh is the sole owner of information their site itself collects, and that iMesh itself will not sell, share, or rent such information to others “in any way other than what is disclosed in this statement.”
The statement says further on that iMesh is funded by paid advertisers and “[has] relationships with other companies that we allow to place ads on our Web site. As a result of your visit to our site or use of the Web site, ad server companies may collect information such as your domain type and your IP address to determine which country you are in and other geographic information to provide you with promotional material and offers that are available or relevant in your country.”
The company did not return a query for comment on Marketscore bundling.
