Subject: URGENT SECURITY ALERT: SOFTWARE PROXIES (SPYWARE)
From: servicedesk@calpoly.edu
Date: Thu, 18 Nov 2004 14:42:44 -0800 

TO:     Campus Community
 
FROM:   Vicki Stover, Campus Information Security Officer
        Jerry Hanley, Vice Provost/Chief Information Officer
 
SUBJECT: URGENT SECURITY ALERT! 
         SOFTWARE PROXIES (SPYWARE)
         ACTION REQUIRED
 
 This is to alert you to a potential threat to personal information and
 confidential University information from spyware products like MarketScore
 (formerly known as NetSetter).  While claiming to improve Internet
 connection speeds, such programs are widely seen as spyware whose primary
 goal is to gain access to secure Internet traffic and your personal
 information.  This threat affects all versions of the Microsoft Windows
 operating system, but does not currently appear to affect Mac or Linux
 systems.  For more information, see:
 http://security.calpoly.edu/spyware/msproxy.html.
 
 HOW DOES IT AFFECT ME?
 
 If you use Windows and sign up with a service like MarketScore, all of
 your Web connections are automatically routed through their servers. This
 includes secure Web connections made through My Cal Poly
 (http://my.calpoly.edu), including Password Manager and single sign-on
 applications such as PeopleSoft and MustangInfo.  For a complete list,
 see: http://security.calpoly.edu/spyware/msproxy.html.
 
 MarketScore runs at startup and collects, analyzes and stores everything
 the user sends to and from a Web site, including personal and confidential
 information entered in on-line forms and secure/encrypted transactions in
 campus applications.  This could include e-mail (if you use a Web client),
 usernames and passwords, social security and credit card numbers, PINs,
 bank and purchase transactions, and other confidential information.
 
 Such access can seriously compromise your personal information.  If you
 share a computer, you could unintentionally give access to someone else’s
 personal information without their knowledge or permission.  If a campus
 computer or application is involved, you could be exposing confidential
 University information to an unauthorized outside entity, which is against
 State law and campus policy.
 
 WHAT IS CAL POLY DOING TO STOP IT?
 
 Since the MarketScore software represents a potentially serious security
 risk to personal and confidential University information, Information
 Technology Services (ITS) will be blocking ALL network access to specific
 domains associated with MarketScore as of 8 A.M. on TUESDAY, NOVEMBER 23.  
 As other, similar known threats are identified, they will be blocked,
 also.
 
 ITS is contacting 340 Cal Poly users known to have accessed the affected
 Web servers in the past year.  They are being instructed to immediately
 remove the software and take other steps, including changing their
 password, to protect their own privacy and the security of the University
 network and data in accordance with campus policies on responsible use,
 access and security.  If steps are not taken by the date indicated above,
 their access to a broad range of network services will be temporarily
 disabled until they do so
 
 ITS will work with LAN Coordinators, ResNET, and employees to identify,
 evaluate and repair any campus computers that may have been compromised in
 this manner.
 
 HOW WILL I KNOW IF I'M AFFECTED?
 
 After November 23, on- and off-campus users whose systems host the
 affected software will not be able to connect to Cal Poly Web pages via
 their browser until the software is removed.  Non-browser applications,
 such as client-based e-mail and calendaring, should not be affected.  
 Affected computers within the campus domain server will be automatically
 redirected to http://security.calpoly.edu/spyware/msproxy.html with
 instructions on what to do next. Off-campus users will see an error
 message.
 
 RECOMMENDED ACTION / FOR MORE INFORMATION
 
 Check this CSU San Bernardino web site to determine if your computer is
 running the MarketScore application:
 http://www.infosec.csusb.edu/privacy/proxycheck.pl.
 
 If yes, go to http://security.calpoly.edu/spyware/msproxy.html and follow
 the instructions to detect and remove the MarketScore and other spyware
 applications.
 
 Home computer users:  Even if MarketScore is not found, ITS highly
 recommends checking your computer to detect and remove other potentially
 harmful spyware.  Go to http://security.calpoly.edu/spyware/msproxy.html
 and follow the instructions provided.
 
 On campus computer users:  Contact your LAN Coordinator for assistance.  
 If you are not sure who to contact, call the ITS Service Desk at 756-7000
 for assistance.
 
 Residence hall students: Follow the instructions for home computer users.  
 If you have any questions, contact ResNET staff for assistance.
 
 
 ITS Service Desk - (805) 756-7000
 servicedesk@calpoly.edu; http://servicedesk.calpoly.edu
 14-114, Monday-Friday, 8 a.m. to 5 p.m.