TO: Campus Community
FROM: Vicki Stover, Campus Information Security Officer
Jerry Hanley, Vice Provost/Chief Information Officer
SUBJECT: URGENT SECURITY ALERT!
SOFTWARE PROXIES (SPYWARE)
ACTION REQUIRED
This is to alert you to a potential threat to personal information and
confidential University information from spyware products like MarketScore
(formerly known as NetSetter). While claiming to improve Internet
connection speeds, such programs are widely seen as spyware whose primary
goal is to gain access to secure Internet traffic and your personal
information. This threat affects all versions of the Microsoft Windows
operating system, but does not currently appear to affect Mac or Linux
systems. For more information, see:
http://security.calpoly.edu/spyware/msproxy.html.
HOW DOES IT AFFECT ME?
If you use Windows and sign up with a service like MarketScore, all of
your Web connections are automatically routed through their servers. This
includes secure Web connections made through My Cal Poly
(http://my.calpoly.edu), including Password Manager and single sign-on
applications such as PeopleSoft and MustangInfo. For a complete list,
see: http://security.calpoly.edu/spyware/msproxy.html.
MarketScore runs at startup and collects, analyzes and stores everything
the user sends to and from a Web site, including personal and confidential
information entered in on-line forms and secure/encrypted transactions in
campus applications. This could include e-mail (if you use a Web client),
usernames and passwords, social security and credit card numbers, PINs,
bank and purchase transactions, and other confidential information.
Such access can seriously compromise your personal information. If you
share a computer, you could unintentionally give access to someone else’s
personal information without their knowledge or permission. If a campus
computer or application is involved, you could be exposing confidential
University information to an unauthorized outside entity, which is against
State law and campus policy.
WHAT IS CAL POLY DOING TO STOP IT?
Since the MarketScore software represents a potentially serious security
risk to personal and confidential University information, Information
Technology Services (ITS) will be blocking ALL network access to specific
domains associated with MarketScore as of 8 A.M. on TUESDAY, NOVEMBER 23.
As other, similar known threats are identified, they will be blocked,
also.
ITS is contacting 340 Cal Poly users known to have accessed the affected
Web servers in the past year. They are being instructed to immediately
remove the software and take other steps, including changing their
password, to protect their own privacy and the security of the University
network and data in accordance with campus policies on responsible use,
access and security. If steps are not taken by the date indicated above,
their access to a broad range of network services will be temporarily
disabled until they do so
ITS will work with LAN Coordinators, ResNET, and employees to identify,
evaluate and repair any campus computers that may have been compromised in
this manner.
HOW WILL I KNOW IF I'M AFFECTED?
After November 23, on- and off-campus users whose systems host the
affected software will not be able to connect to Cal Poly Web pages via
their browser until the software is removed. Non-browser applications,
such as client-based e-mail and calendaring, should not be affected.
Affected computers within the campus domain server will be automatically
redirected to http://security.calpoly.edu/spyware/msproxy.html with
instructions on what to do next. Off-campus users will see an error
message.
RECOMMENDED ACTION / FOR MORE INFORMATION
Check this CSU San Bernardino web site to determine if your computer is
running the MarketScore application:
http://www.infosec.csusb.edu/privacy/proxycheck.pl.
If yes, go to http://security.calpoly.edu/spyware/msproxy.html and follow
the instructions to detect and remove the MarketScore and other spyware
applications.
Home computer users: Even if MarketScore is not found, ITS highly
recommends checking your computer to detect and remove other potentially
harmful spyware. Go to http://security.calpoly.edu/spyware/msproxy.html
and follow the instructions provided.
On campus computer users: Contact your LAN Coordinator for assistance.
If you are not sure who to contact, call the ITS Service Desk at 756-7000
for assistance.
Residence hall students: Follow the instructions for home computer users.
If you have any questions, contact ResNET staff for assistance.
ITS Service Desk - (805) 756-7000
servicedesk@calpoly.edu; http://servicedesk.calpoly.edu
14-114, Monday-Friday, 8 a.m. to 5 p.m.