Tuesday, December 9, 2008

Proxy-OSS

Here is the story about Proxy-OSS, the program that is on your computer, Chris.
PROXY-OSS

This software is not a virus or a trojan; it is detected as a "potentially unwanted program." Proxy-OSS is distributed as an Internet accelerator created by Marketscore. As advertised, the program is designed "to enhance the speed of the Internet while tracking user trends". In practice it is a data-gathering mechanism that collects personal information and internet usage statistics. It modifies the Winsock LSP (Layered Service Provider) chain so that the host's internet traffic is routed through servers operated by Marketscore; because an LSP DLL is loaded into every process that uses Winsock, this captures traffic from all applications, not only the browser. The installer also registers two certificates in the machine's trusted root store (see the SystemCertificates\ROOT keys in the registry list below), which is what a relaying proxy needs in order to handle HTTPS connections without triggering browser certificate warnings. More recent versions of the software employ a local proxy instead: traffic is routed through a process running on the host system rather than directly to remote servers, and that local process then makes periodic transmissions to remote servers, presumably when data of interest is identified.

This software is installed via an ActiveX control downloaded from www.marketscore.com. Several files are dropped by an InstallShield installation package and many registry entries are created. A license agreement and privacy policy are displayed on the Marketscore website and must be agreed to (by selecting a checkbox) before the setup executable can be downloaded.

Although not observed during testing, it is possible that consumer surveys may be delivered via popup windows, as mentioned in the privacy policy.

Privacy

The Privacy Policy (version dated Feb 14, 2005) grants Marketscore sweeping rights to monitor internet traffic, collect user data, and correlate it with other, personally identifiable data.

Full Privacy Statement: http://www.marketscore.com/privacy.aspx
Full Membership Agreement: http://www.marketscore.com/MembershipAgreement.aspx

System Changes

Files Added

Note: Although created during the installation, the following files and folders appear to be standard components of the InstallShield installation packaging software, and not related to the functionality of the Proxy-OSS software.

c:\WINDOWS\Downloaded Program Files\setup.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\iKernel.rgs
c:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb
c:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

The remaining files appear specific to the Proxy-OSS software installation. One of them, sporder.dll, is the Winsock service-provider ordering helper that Microsoft ships with the Platform SDK LSP sample (it exports WSCWriteProviderOrder); LSP installers use it to rewrite the catalog order after inserting their own provider, so its presence is consistent with the LSP modification described above.

c:\WINDOWS\nsreg.dat
Size: 335 bytes

c:\WINDOWS\system32\mksc.exe
Size: 864,256 bytes
MD5: 09B44309B8CB641300D93458D9358ADF

c:\WINDOWS\system32\nsosscfg.exe
Size: 118,784 bytes
MD5: 46DC45B14503070FC8053CE75DBCCC0C

c:\WINDOWS\system32\okshook.dll
Size: 49,152 bytes
MD5: A8A11A2873C6A21AE8C0916DAD013F7C

c:\WINDOWS\system32\osmim.dll
Size: 303,104 bytes
MD5: F0BFFBA3F4C2EE36FA5229FF2C293657

c:\WINDOWS\system32\sporder.dll
Size: 8,464 bytes
MD5: 97F50C3E6EEB45CBE2413431F1BB52FB

Registry

Keys Added

HKEY_CURRENT_USER\Software\InstallShield
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Netsetter
HKEY_CLASSES_ROOT\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{00345390-4F77-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}
HKEY_CLASSES_ROOT\Interface\{084A0737-26B9-4433-8007-A9161333B5FC}
HKEY_CLASSES_ROOT\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{0E67BBC9-18CB-4B22-BACD-687CDF6387B6}
HKEY_CLASSES_ROOT\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{1169A235-14D9-4488-8B56-58ECE9C57002}
HKEY_CLASSES_ROOT\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}
HKEY_CLASSES_ROOT\Interface\{17773851-7FF4-44C1-B084-1E1EDB2BFD4D}
HKEY_CLASSES_ROOT\Interface\{1AE441C6-2C13-49CE-909A-57A81F74F38E}
HKEY_CLASSES_ROOT\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{1ED19966-1493-4539-B9F5-97A6556CE8F8}
HKEY_CLASSES_ROOT\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}
HKEY_CLASSES_ROOT\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{21D98482-146C-4EBF-AF1E-B04395110005}
HKEY_CLASSES_ROOT\Interface\{229A85A7-2F77-42A2-8CBD-01DD1C09BC88}
HKEY_CLASSES_ROOT\Interface\{230FFDDA-4771-42D0-9383-42547833224B}
HKEY_CLASSES_ROOT\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{3DFE4F8F-A5A1-4ECA-9A50-E5CF9BA836E9}
HKEY_CLASSES_ROOT\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}
HKEY_CLASSES_ROOT\Interface\{3FB92AF0-B9EE-4C30-8D36-93495070CCA1}
HKEY_CLASSES_ROOT\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}
HKEY_CLASSES_ROOT\Interface\{4D08A70C-42E4-4238-AF79-7A7485C66EE2}
HKEY_CLASSES_ROOT\Interface\{4E26CAD5-1B59-4D1D-9063-2D91314C9E45}
HKEY_CLASSES_ROOT\Interface\{5331F72D-17F1-4D16-A17A-F190461343BF}
HKEY_CLASSES_ROOT\Interface\{5469EE67-1493-402F-8E2C-99936C9E4983}
HKEY_CLASSES_ROOT\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}
HKEY_CLASSES_ROOT\Interface\{6D0A2C7B-875F-40E7-B7BE-2E909A3A9026}
HKEY_CLASSES_ROOT\Interface\{6FFDEFD7-3EC4-4E5A-9EFC-AD04E14A9934}
HKEY_CLASSES_ROOT\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}
HKEY_CLASSES_ROOT\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}
HKEY_CLASSES_ROOT\Interface\{78A47147-ACE5-46F8-BA85-BEAF37827CF4}
HKEY_CLASSES_ROOT\Interface\{7B288F47-79AB-43A8-8494-D9F4D5985B29}
HKEY_CLASSES_ROOT\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}
HKEY_CLASSES_ROOT\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{7FA3F3D3-7B9E-4F51-9448-3642B544CEBD}
HKEY_CLASSES_ROOT\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}
HKEY_CLASSES_ROOT\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}
HKEY_CLASSES_ROOT\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{91CD1F51-7199-46FA-9629-9C89D2F1AE22}
HKEY_CLASSES_ROOT\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{9AEE3F7A-A79F-4B41-BC48-E7946FFEAB35}
HKEY_CLASSES_ROOT\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{9BD0749C-12DC-4D2B-A4F6-9E52F0F38A6C}
HKEY_CLASSES_ROOT\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}
HKEY_CLASSES_ROOT\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}
HKEY_CLASSES_ROOT\Interface\{9E274DCA-9B35-4B99-904F-76F2C5B59F76}
HKEY_CLASSES_ROOT\Interface\{A36ECFBE-FAAA-417D-9D41-7FEF98FDE554}
HKEY_CLASSES_ROOT\Interface\{A74C06E4-12DF-4060-9AA7-83CFAA66D604}
HKEY_CLASSES_ROOT\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}
HKEY_CLASSES_ROOT\Interface\{ABF74802-8E5B-44EA-880E-8E128A06A113}
HKEY_CLASSES_ROOT\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{B0D1DB92-DE05-4926-A5DC-01F3F9857587}
HKEY_CLASSES_ROOT\Interface\{B12A5014-0AA8-451A-B621-F717998B0B53}
HKEY_CLASSES_ROOT\Interface\{B310295D-E006-4E5A-9CBE-FA7C092F2FC3}
HKEY_CLASSES_ROOT\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}
HKEY_CLASSES_ROOT\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}
HKEY_CLASSES_ROOT\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}
HKEY_CLASSES_ROOT\Interface\{BD307C4E-6FC9-40FB-B15E-BEC6851EF52C}
HKEY_CLASSES_ROOT\Interface\{BE0B3F76-166A-4DA5-A97C-318595E3D15C}
HKEY_CLASSES_ROOT\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}
HKEY_CLASSES_ROOT\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}
HKEY_CLASSES_ROOT\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}
HKEY_CLASSES_ROOT\Interface\{C8D5B971-D521-4113-82D6-869817B452DE}
HKEY_CLASSES_ROOT\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}
HKEY_CLASSES_ROOT\Interface\{D2A3A842-FBA3-49D4-8806-7734716364A2}
HKEY_CLASSES_ROOT\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{DBBBE57D-A05D-43EC-8408-ED3EAA713963}
HKEY_CLASSES_ROOT\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{E3CD7A86-04E4-4B47-88E8-3EE03A3DEE56}
HKEY_CLASSES_ROOT\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}
HKEY_CLASSES_ROOT\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Interface\{F8CB9A40-3665-4D33-B239-32CA4C7B8DEA}
HKEY_CLASSES_ROOT\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}
HKEY_CLASSES_ROOT\Setup.Player
HKEY_CLASSES_ROOT\Setup.Player.2K2
HKEY_CLASSES_ROOT\TypeLib\{94636247-BC39-4B8B-A728-2D1FBEBFA76A}
HKEY_CLASSES_ROOT\TypeLib\{BC44B51D-1A01-4B50-92F2-E7D736F75DA8}
HKEY_LOCAL_MACHINE\SOFTWARE\comScore Networks, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A32C2B8361CA79FB7DCD14CBDA793D0DF855991C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8D953700E84F3945390C81A1A3BF929C8A29EB7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a71b1608-0de3-445d-afc1-16cc74422a9e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control

Values Added

Over 600 registry entries were added.
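
The description above (a Winsock LSP that redirects traffic, plus two certificates planted in the machine root store) and the file hashes and registry thumbprints listed on this page can be turned into a small triage script. The following is an added example written for this page, not code from the original writeup or from Marketscore. It parses the output of `netsh winsock show catalog` to flag provider entries whose DLL is not a stock Windows provider, hashes dropped files against the MD5 list above, and matches root-store thumbprints against the two the installer registers. The netsh sample inside the block is constructed, not captured from an infected host; the allow-list of stock provider DLLs is an illustrative assumption, and the page does not say which dropped DLL is registered as the LSP, so the sample uses osmim.dll as a placeholder.

```python
"""Triage checks for the Proxy-OSS indicators listed on this page.

Added example, not part of the original writeup. The netsh output below is a
constructed sample, and STOCK_PROVIDER_DLLS is an assumed allow-list.
"""
import hashlib
import os
import re

# MD5s transcribed from the file list above (lower-cased for comparison).
PROXY_OSS_MD5 = {
    "mksc.exe": "09b44309b8cb641300d93458d9358adf",
    "nsosscfg.exe": "46dc45b14503070fc8053ce75dbccc0c",
    "okshook.dll": "a8a11a2873c6a21ae8c0916dad013f7c",
    "osmim.dll": "f0bffba3f4c2ee36fa5229ff2c293657",
    "sporder.dll": "97f50c3e6eeb45cbe2413431f1bb52fb",
}

# Thumbprints of the two certificates added under SystemCertificates\ROOT.
PROXY_OSS_ROOT_THUMBPRINTS = {
    "A32C2B8361CA79FB7DCD14CBDA793D0DF855991C",
    "F8D953700E84F3945390C81A1A3BF929C8A29EB7",
}

# Provider DLLs that ship with Windows XP. Assumption: illustrative allow-list;
# extend it for your build. Anything else in the catalog deserves a look.
STOCK_PROVIDER_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}

# Constructed sample of `netsh winsock show catalog` output (not a real capture).
# Entry 1 is the standard TCP/IP base provider; entry 2 is what an LSP entry
# pointing at one of the dropped DLLs would look like (osmim.dll is assumed).
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        OSS over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000000}
Provider Path:                      C:\WINDOWS\system32\osmim.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              2
"""


def parse_winsock_catalog(text):
    """Split netsh output into one dict of 'Field: value' pairs per entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
        elif current is not None:
            m = re.match(r"^([A-Za-z ]+):\s+(.*?)\s*$", line)
            if m:
                current[m.group(1).strip()] = m.group(2)
    return entries


def suspicious_providers(entries):
    """Return catalog entries whose provider DLL is not on the stock allow-list."""
    hits = []
    for e in entries:
        # Split on either slash so the check also works when run off-box.
        dll = re.split(r"[\\/]", e.get("Provider Path", ""))[-1].lower()
        if dll not in STOCK_PROVIDER_DLLS:
            hits.append(e)
    return hits


def md5_hex(data):
    """MD5 of an in-memory blob (e.g. a carved file) for comparison with PROXY_OSS_MD5."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_dropped_files(system32):
    """For each listed file that exists under system32: True if its MD5 matches the page."""
    result = {}
    for name, md5 in PROXY_OSS_MD5.items():
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            result[name] = md5_of_file(path) == md5
    return result


def planted_root_certs(store_thumbprints):
    """Thumbprints from the ROOT store that match the two the installer adds."""
    normalized = {t.replace(" ", "").upper() for t in store_thumbprints}
    return sorted(normalized & PROXY_OSS_ROOT_THUMBPRINTS)


if __name__ == "__main__":
    for e in suspicious_providers(parse_winsock_catalog(SAMPLE_CATALOG)):
        print("non-stock Winsock provider:", e["Entry Type"], e["Provider Path"])
    print(check_dropped_files(r"C:\WINDOWS\system32"))
```

On a live host, feed `parse_winsock_catalog` the real `netsh winsock show catalog` output and `planted_root_certs` the SHA-1 hashes printed by `certutil -store root`; a hash mismatch from `check_dropped_files` means a file with the listed name is present but is a different build than the one analyzed here, which still warrants a look.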

Network Impact

Possible performance impact due to the added latency of relaying traffic through the Marketscore proxy network.

Removal Instructions
