SSL Web Proxy Warning
Marketscore software and services (www.marketscore.com) is a marketing research group that collects information on web users' surfing habits in exchange for web caching and webmail anti-virus services. There's a new twist to their service - they have unencrypted access to their users' secure transaction information. If your computer has marketscore software installed, all your SSL secured transactions - banking, purchasing, passwords or personal record access information is available unencrypted to the Marketscore organization. See the following for further reference:
US educational institution response from Educause.
CNET lengthy news article.
Jan. 16, 2006: CNS has determined that the threat to the University community posed by the Marketscore SSL web proxy has changed significantly based on the following:
- The proxy mechanism has changed such that the current DNS block and web server redirect actions are ineffective.
- Symantec Antivirus, available to all University users free of charge, detects and blocks Marketscore.
- IT staff and end users are more aware of this issue.
As a result, CNS will no longer block DNS requests to Marketscore as of Feb. 10, 2006. Please remove all web server redirect configuration before this date.
The best prevention for this type of privacy threat is end user education. Here are some useful tips:
- Users should run their computers under unpriviledged logins. This will prevent inadvertent program installations.
- Root certificate stores should only contain: certificates that are installed by the browser vendor or trusted certificates required by the end user.
The best way to detect if Marketscore is currently installed is to examine the certificate of an SSL session which will show Marketscore as the trusted root authority. To remove the software, use the uninstall feature in the 'Add/Remove Programs' area of Windows Control Panel. The Symantec antivirus 'expanded threats' scan may detect it. Also, the spyware tools Adaware and Spybot will detect/remove Marketscore. You must also remove the Marketscore root Certificate of Authority from the browsers' certificate store.