Internet accelerator unmasked as spyware

US universities are struggling with a rash of dangerous spyware that can snoop on information encrypted using SSL. Experts have...

US universities are struggling with a rash of dangerous spyware that can snoop on information encrypted using SSL. Experts have warned that the stealthy software, called Marketscore, could intercept a wide range of sensitive information, including passwords and health and financial data. 

In recent weeks, IT departments at a number of universities issued warnings about problems caused by Marketscore, which promises to speed up web browsing. Security experts said that the program, which routes all user traffic through its own network of servers, posed a real threat to user privacy.

David Escalante, director of computer security at Boston College, said Marketscore may have made it onto university networks because it came bundled with iMesh peer-to-peer software. Reports of infected systems on campuses range from a handful up to about 200 on one large campus network.

The company that makes the software, Marketscore has the same mailing address as online behaviour tracking company ComScore Networks. ComScore did not respond to repeated requests for comment.

CA's eTrust  Security Adviser research team labelled Marketscore spyware until June, but stopped after Marketscore appealed using an established spyware programme.

CA's vice-president, Sam Curry, said, "Basically it takes all your web traffice and forces it through its own proxy servers.

Ostensibly, the redirection speeds up web surfing, because pages cached on Marketscore's servers load faster than if they were served directly from the actual web servers for sites such as Google or Yahoo. But performance benefits have been elusive.

"People who have installed the software complain to us that they're not getting any improvement," said Curry.

Independent software consultant Richard Smith was also sceptical of performance improvement claims made by Marketscore and others, especially since many internet service providers already offer web caching for dial-up customers.

While other legal software programs make similar claims about improving web browsing speed as Marketscore, internet security experts are troubled that the software creates its own trusted certificate authority on computers. That certificate authority intercepts web communications secured using SSL, decrypts that traffic and sends it to the Marketscore servers before encrypting it and passing it along to its final destination. Traffic could include sensitive information such as passwords and credit card numbers.

Escalante warned that Marketscore should be a big concern for companies - especially those like banks with employees who handle sensitive data. "I don't know how good it is for parties at either end of a transaction to have a third party listening in," he said.

Unlike its predecessor, Netsetter, Marketforce clearly discloses to users what it does when installed and has an easy uninstall program. And while the program clearly tracks user behaviour, it doesn't hijack web browser home pages, spew pop-up adverts or conceal its presence, like earlier generations of spyware did.

Perhaps trying to increase its appeal, Marketscore is now advertising itself as an e-mail protection service as well as an internet accelerator. According to the Marketscore website, members receive Symantec's CarrierScan Server anti-virus technology free.

But that promise doesn't sit well with Symantec, which is considering legal action to force Marketscore to stop using its name and logo on its website.

Paul Roberts writes for IDG News Service

Read more on IT risk management