# sid 2001564, rev 12 (metadata updated_at 2020_08_13).
# Alerts on established client-to-server HTTP traffic from $HOME_NET to $EXTERNAL_NET whose
# request headers contain the literal "X-OSSProxy: OSSProxy" (|3a| is the hex-encoded colon).
# No nocase modifier is present, so the content match is case-sensitive.
# threshold "type limit, count 5, seconds 300, track by_src" caps alerts at 5 per source
# address per 300 seconds; further matches inside that window are not alerted.
# The rule labels the traffic PUP/PUA with classtype policy-violation, so a hit points to the
# software being present on the source host, not to a confirmed compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:12; metadata:created_at 2010_07_30, former_category INFO, updated_at 2020_08_13;)
Added 2020-08-13 17:50:07 UTC
# sid 2001564, rev 12 with metadata updated_at 2017_10_27 and former_category INFO held in the
# single trailing metadata keyword.
# Detection keywords: flow to_server,established; content "X-OSSProxy: OSSProxy" restricted to
# the HTTP headers by http_header; alerts limited to 5 per source per 300 seconds.
# The rev number is still 12 although the metadata layout differs from other rev 12 listings
# on this page, so rev alone does not identify the exact rule text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:12; metadata:created_at 2010_07_30, former_category INFO, updated_at 2017_10_27;)
Added 2020-08-05 19:01:31 UTC
# sid 2001564, rev 12 with the metadata split over two keywords: "metadata: former_category INFO"
# sits before the references, and created_at/updated_at sit at the end of the rule.
# Matching is the header string "X-OSSProxy: OSSProxy" (http_header) on established
# client-to-server HTTP flows leaving $HOME_NET, rate-limited to 5 alerts per source per 300 s.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; metadata: former_category INFO; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:12; metadata:created_at 2010_07_30, updated_at 2017_10_27;)
Added 2019-12-09 19:11:58 UTC
# sid 2001564, rev 12. The msg carries the "ET INFO" prefix while former_category still records
# MALWARE; rev 11 on this page has a msg beginning "ET MALWARE", so the field appears to keep
# the earlier category after the move to INFO.
# Matches "X-OSSProxy: OSSProxy" in the HTTP request headers (http_header) on established
# outbound flows; at most 5 alerts per source address per 300 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; metadata: former_category MALWARE; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:12; metadata:created_at 2010_07_30, updated_at 2017_10_27;)
Added 2018-09-13 19:37:30 UTC
Added 2018-09-13 17:52:34 UTC
# sid 2001564, rev 12 as listed with the 2017-10-27 timestamp: the earliest listing on this page
# whose msg reads "ET INFO PUP/PUA OSSProxy HTTP Header" instead of an "ET MALWARE" msg.
# The detection logic is the same as rev 11: header content "X-OSSProxy: OSSProxy" with
# http_header, flow to_server,established, threshold limit 5 per 300 s tracked by source.
# Only the msg prefix and the rev/metadata values differ from rev 11.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; metadata: former_category MALWARE; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:12; metadata:created_at 2010_07_30, updated_at 2017_10_27;)
Added 2017-10-27 16:26:58 UTC
# sid 2001564, rev 11 with metadata (former_category MALWARE, created_at 2010_07_30,
# updated_at 2017_05_12). The msg is "ET MALWARE PUP/PUA OSSProxy HTTP Header".
# Uses the http app-layer protocol with "any" destination port, so it does not depend on
# $HTTP_PORTS. Matches "X-OSSProxy: OSSProxy" in the request headers, limited to 5 alerts
# per source per 300 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; metadata: former_category MALWARE; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:11; metadata:created_at 2010_07_30, updated_at 2017_05_12;)
Added 2017-08-07 20:55:34 UTC
# sid 2001564, rev 11 without any metadata keyword. This is the first listing on the page with
# the "PUP/PUA OSSProxy HTTP Header" msg, replacing the "MarketScore.com Spyware Proxied
# Traffic" wording of rev 10.
# Matches "X-OSSProxy: OSSProxy" in the HTTP request headers on established outbound flows;
# threshold limit of 5 alerts per source address per 300 seconds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PUP/PUA OSSProxy HTTP Header"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:11;)
Added 2017-05-12 17:26:28 UTC
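# sid 2001564, rev 10, shipped commented out: the leading "#" disables the rule, so it produces
# no alerts unless it is explicitly enabled.
# This listing uses the http app-layer protocol with "any" destination port.
# When enabled it matches "X-OSSProxy: OSSProxy" in the HTTP request headers (http_header) on
# established client-to-server flows, limited to 5 alerts per source per 300 seconds.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow:to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:10;)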
Added 2017-05-11 17:17:11 UTC
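# sid 2001564, rev 10, tcp form: the rule is bound to destination ports in $HTTP_PORTS, so
# HTTP on a port outside that variable is not inspected by this version.
# Matches "X-OSSProxy: OSSProxy" in the HTTP request headers (http_header) on established
# client-to-server flows; threshold limit of 5 alerts per source address per 300 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; classtype:policy-violation; sid:2001564; rev:10;)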
Added 2011-10-12 19:10:40 UTC
Analysis SecureStudies.com OSSProxy MarketScore OpinionSpy Adware/PUP/Trojan/Malware comScore vs Nielsen
By admin | May 23, 2016
http://www.computersecurity.org/computer-cyber-security-news/analysis-securestudies-com-ossproxy-marketscore-opinionspy-adwarepupriskware-or-malware/
This may hug the border between adware and spyware.
--
RobF - 2016-06-07
We originally blocked Securestudies in our organization when the first article came out around 2009, but our researchers analyzed the binaries and researched the company. The computersecurity.org site has it right: this is just adware. If you don't want it on your system, you can just uninstall it.
Jim
--
JimFrost - 2016-07-28
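# sid 2001564, rev 10, with classtype placed ahead of the reference keywords; keyword order of
# classtype/reference/sid/rev does not affect matching.
# Matches "X-OSSProxy: OSSProxy" in the HTTP request headers (http_header) of established
# client-to-server TCP flows to $HTTP_PORTS; at most 5 alerts per source per 300 seconds.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; classtype:policy-violation; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; sid:2001564; rev:10;)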
Added 2011-09-14 21:01:34 UTC
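# sid 2001564, rev 10, first listing on this page that carries the threshold keyword: alerts are
# limited to 5 per source address per 300 seconds, where rev 9 had no rate limit.
# Still references the cvsweb signature history URL, which later rev 10 listings drop.
# Matches "X-OSSProxy: OSSProxy" in the HTTP request headers on established outbound flows
# to $HTTP_PORTS.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; threshold: type limit, count 5, seconds 300, track by_src; classtype:policy-violation; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid:2001564; rev:10;)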
Added 2011-07-15 17:53:26 UTC
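# sid 2001564, rev 9: first listing on this page that scopes the content match to the HTTP
# headers with http_header and writes the colon as |3a| instead of "\:".
# There is no threshold keyword in this revision, so alerts are not rate-limited; a host
# running the proxy software can alert on every matching request.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy|3a| OSSProxy"; http_header; classtype: policy-violation; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid:2001564; rev:9;)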
Added 2011-02-04 17:21:31 UTC
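# sid 2001564, rev 6: matches the string "X-OSSProxy: OSSProxy" ("\:" is an escaped colon) in
# established client-to-server TCP traffic to $HTTP_PORTS.
# The content has no HTTP buffer modifier, so the string is searched in the raw payload rather
# than only in the request headers, and there is no threshold, so alerts are not rate-limited.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid:2001564; rev:6;)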
Added 2010-06-23 13:46:05 UTC
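# sid 2001564, rev 6, listed a second time with the same 2010-06-23 13:46:05 timestamp as the
# preceding entry; the rule text is the same.
# Raw-payload match on "X-OSSProxy\: OSSProxy" for established client-to-server TCP flows to
# $HTTP_PORTS, with no http_header modifier and no threshold.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid:2001564; rev:6;)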
Added 2010-06-23 13:46:05 UTC
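# sid 2001564, rev 6 as listed with the 2009-02-08 17:45:22 timestamp; it differs from the
# 2010 listings of rev 6 only in the space after "sid:".
# Matches "X-OSSProxy\: OSSProxy" anywhere in the payload of established client-to-server TCP
# flows to $HTTP_PORTS; there is no header scoping and no alert rate limit in this revision.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)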
Added 2009-02-08 17:45:22 UTC
For more information on MarketScore.com spyware:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-042117-5317-99&tabid=3
--
PaulEdwards - 29 Apr 2009
I'm seeing what appear to be false positives from securestudies.com -- same proxy software, but legitimate use?
McAfee SiteAdvisor thinks it is OK.
--
RussellFulton - 17 May 2010
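# sid 2001564, rev 6, repeated with the 2009-02-08 17:45:22 timestamp.
# Alerts on the string "X-OSSProxy\: OSSProxy" in established client-to-server TCP traffic to
# $HTTP_PORTS. The match is on the raw payload (no http_header) and is not thresholded.
# classtype is policy-violation although the msg prefix is "ET MALWARE".
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)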
Added 2009-02-08 17:45:22 UTC
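# sid 2001564, rev 6 as listed with the 2009-02-08 17:42:35 timestamp.
# Compared with rev 5 it adds the doc.emergingthreats.net and cvsweb reference URLs; the
# detection keywords (flow, content) are unchanged.
# Raw-payload match on "X-OSSProxy\: OSSProxy" to $HTTP_PORTS, without threshold.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)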
Added 2009-02-08 17:42:35 UTC
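# sid 2001564, rev 6, second listing with the 2009-02-08 17:42:35 timestamp; same rule text as
# the entry before it.
# Matches "X-OSSProxy\: OSSProxy" in the payload of established client-to-server TCP flows to
# $HTTP_PORTS, with no HTTP buffer modifier and no threshold.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; reference:url,doc.emergingthreats.net/bin/view/Main/2001564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/MALWARE/MALWARE_MarketScore; sid: 2001564; rev:6;)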
Added 2009-02-08 17:42:35 UTC
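# sid 2001564, rev 5: carries the "ET MALWARE" msg prefix and only two reference URLs
# (marketscore.com and the spysweeper removal page).
# Matches "X-OSSProxy\: OSSProxy" in established client-to-server TCP traffic to $HTTP_PORTS;
# the content is not scoped to HTTP headers and alerts are not rate-limited.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:5;)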
Added 2008-01-28 17:24:18 UTC
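# sid 2001564, rev 5, listed twice with the 2008-01-28 17:24:18 timestamp; same rule text as the
# preceding entry.
# Raw-payload match on "X-OSSProxy\: OSSProxy" for established outbound TCP flows to
# $HTTP_PORTS, classtype policy-violation, no threshold.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:5;)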
Added 2008-01-28 17:24:18 UTC
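# sid 2001564, rev 4: oldest revision on this page, with the "BLEEDING-EDGE Malware" msg prefix
# that later revisions replace with "ET MALWARE".
# Matches "X-OSSProxy\: OSSProxy" in established client-to-server TCP traffic from $HOME_NET to
# $EXTERNAL_NET on $HTTP_PORTS; no HTTP buffer modifier and no threshold are present.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Malware MarketScore.com Spyware Proxied Traffic"; flow: to_server,established; content:"X-OSSProxy\: OSSProxy"; reference:url,www.marketscore.com; reference:url,www.spysweeper.com/remove-marketscore.html; classtype: policy-violation; sid: 2001564; rev:4; )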