Spyware Case Study

1
Spyware Case Study

• Prepared By Omar Alzubi
• Supervised By Dr. Loai Tawalbeh
• Intrusion Detection and Hackers Exploits-NYIT
  (Summer '06)

2
Marketscore hit many US Universities

• MKSC hit many US Universities in Dec-2004
• Director of computer security at Boston College,
  the software was bundled with iMesh peer-to-peer
  software.

3
Background off Marketscore Inc..

• As in the MarketScore Privacy Statement
• originally called Netsetter
• a service of ComScore Networks (www.comscore.com),
  an online behavior tracking company
• assisting ComScore Networks in providing
  information on Internet trends and usage
  activity.

4

5
What the set-up process do

• Marketscore FAQ
• http//www.marketscore.com/faq.aspx
• What does the set-up process do?
• During the registration process and in the
  process of adding your computers to the
  Marketscore Network, your computers and browsers
  are configured to route your Household's Internet
  communication automatically through the
  Marketscore Network and we assign a unique ID so
  we can accurately and anonymously track your
  Internet use.

6

7
Installation

• Install by ActiveXUser need to confirm to trust
  the software.

8
What is installed (I)
9
What is installed (II)

• TCPIP network kernel
• driver
• Windows Socket 2.0 Non-
• IFS Service Provider
• Support Environment
• All TCPIP network traffics
• are intercepted at very
• low level

10
What is installed?
11
What is installed (III)
12
Threat 1 Web traffic proxied
13
Threat 2 SSL encryption broken
14
Man-in-the-middle attack
15
What MKSC said on this
16
What is reported?
17
Threat 3 Spyware service running
18
Threat 4 Email Redirection?
19
Threat 5 Adware
20
Threat 5 Information Trade
21
Myth of Speed
22
Summary for MarketScore

• ?? Careful packaging of the service
• ?? Prepared to deal with legal issues
• - Has user consent before installation
• ?? Designed to tap human weaknesses
• - Give benefits
• Leverage on user ignorance or negligence