Spyware Case Study Prepared By: Omar Alzubi Supervised By: Dr. Lo’ai Tawalbeh Intrusion Detection and Hackers Exploits- NYIT (Summer '06)
Jan 18, 2016
Marketscore hit many US Universities
MKSC hit many US Universities in Dec-2004
Director of computer security at Boston College: “the software was bundled with iMesh peer-to-peer software”
Background of Marketscore Inc.
As in the MarketScore Privacy Statement:
- originally called Netsetter
- a service of ComScore Networks (www.comscore.com), an online behavior tracking company
- assisting ComScore Networks in providing information on Internet trends and usage activity
What does the set-up process do? … Marketscore FAQ
http://www.marketscore.com/faq.aspx
What does the set-up process do? “During the registration process and in the process of adding your computers to the Marketscore Network, your computers and browsers are configured to route your Household's Internet communication automatically through the Marketscore Network and we assign a unique ID so we can accurately and anonymously track your Internet use.”
Installation
- Installed by ActiveX
- User needs to confirm to trust the software
What is installed (I)
What is installed (II)
- TCP/IP network kernel driver
- Windows Socket 2.0 Non-IFS Service Provider Support Environment
- All TCP/IP network traffic is intercepted at a very low level
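A defender can review the Winsock catalog for the kind of layered service provider described on this slide. The following is an added example, not part of the original slides: it parses text in the style of `netsh winsock show catalog` output and flags layered entries and provider DLLs outside system32. The sample catalog, the `EXAMPLE-LSP` name, its path and the GUIDs are constructed placeholders, since the slides do not name the installed provider.

```python
import re

# Constructed sample modelled on `netsh winsock show catalog` output.
# EXAMPLE-LSP, its DLL path and both GUIDs are hypothetical placeholders.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        EXAMPLE-LSP over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      C:\Program Files\ExampleVendor\examplelsp.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
"""

# Provider DLLs shipped with Windows live under system32.
SYSTEM_DIR = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\system32\\", re.I)


def parse_catalog(text):
    """Split the catalog dump into one dict of fields per provider entry."""
    entries = []
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only, so drive letters stay in the value.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries


def suspicious_providers(entries):
    """Return (description, reasons) for entries that deserve a manual review."""
    findings = []
    for e in entries:
        reasons = []
        if "layered" in e.get("Entry Type", "").lower():
            reasons.append("layered service provider in chain")
        if not SYSTEM_DIR.match(e.get("Provider Path", "")):
            reasons.append("provider DLL outside system32")
        if reasons:
            findings.append((e.get("Description", "?"), reasons))
    return findings
```

A flagged entry is a prompt for review rather than proof of spyware, because some legitimate security and networking products also install layered providers.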
What is installed
What is installed (III)
Threat 1 Web traffic proxied
Threat 2 SSL encryption broken
Man-in-the-middle attack
What MKSC said on this
What is reported
Threat 3 Spyware service running
Threat 4 Email Redirection
Threat 5 Adware
Threat 5 Information Trade
Myth of Speed
Summary for MarketScore
- Careful packaging of the service
- Prepared to deal with legal issues
  - Has user consent before installation
- Designed to tap human weaknesses
  - Give benefits
  - Leverage on user ignorance or negligence