Cornell Home Page Computing at Cornell Security

Security Alert: Windows spyware from MarketScore hijacking web connections (10/12/04)

Cornell's IT Security Office has determined that a number of systems on campus running Microsoft Windows have been infected with spyware distributed by a company called MarketScore.

This malicious software directs all your web traffic through the marketing company's servers, allowing them to potentially view any information you send or receive through your web browser. This includes any data that would normally be protected during an HTTPS session using SSL (Secure Sockets Layer) encryption.

To protect campus systems against further spread of this threat, we have blocked connections from our networks to the spyware's home servers. If your ability to view web pages on the Internet has stopped, it may be because you were infected with this spyware. In this case, you would still be able to use other Internet services, such as e-mail (Eudora) and network news (Gravity).

How to Detect It:

The current definitions for Symantec AntiVirus can detect but NOT remove this malicious software. To scan your system for this (and other types of malware beyond traditional viruses and the like), you need to enable "Scan for expanded threats" in the Scan Options window. For details, see: http://www.cit.cornell.edu/services/nav/expand/

How to Get Rid of It:

If you are on a departmental network, please contact your local technical support staff with any questions about updating your anti-virus software or about detecting and removing infections. The sequence Cornell's IT Security Office recommends is:

  1. Remove the spyware and restore normal functionality of your system by following this process: http://www.columbia.edu/acis/security/howto/remove/marketscore.html

  2. After you have cleaned your system, change any passwords that might have been entered on the computer, including for external accounts at sites other than Cornell.

Thank you for your attention to this message. We hope it has proven useful.

Cornell Information Technologies
IT Security Office

If you need further assistance, please contact the CIT Contact Center (HelpDesk) by calling 255-8990, by sending e-mail to helpdesk@cornell.edu, or by visiting 119 CCC. The Contact Center is open Monday-Friday from 8:00 a.m. to 5:00 p.m., with extended phone hours Monday-Thursday from 5:00 p.m. to 8:00 p.m. during the academic year. If the Contact Center is closed and your problem is urgent, contact the Network Operations Center at 255-9900.

You can receive messages like this via e-mail by subscribing to the CIT-Alert-L mailing list, which is used to distribute announcements about significant disruptions or threats to the campus computing and telecommunications environment. Visit the CIT-Alert-L subscription page


Computing at Cornell Homepage CUinfo CIT Contact List Send Us Feedback

Last modified: June 04, 2007