Warning for Visitors to Ombudsman's Web site This message describes a specific spyware risk for anyone who recently visited the Office of the Ombudsman Web site, and a general warning to MSU Webmasters about the use of third party Web page counter software. On Friday, February 13, 2004, we discovered that the Ombudsman’s Web site, http://www.msu.edu/unit/ombud/ , was attempting to download spyware. (Spyware is software that attempts to locate personal information on your computer, which it then forwards to others on the Internet.) The Ombudsman site itself was not compromised; however, it was linking to an off-campus Web page counter service, which in turn was serving a banner ad that attempts to infect visitors’ computers. Any computer used to visit the Ombudsman Web site before February 13 could be infected with spyware. In some cases, anti-virus software may have detected the intrusion attempt and prevented infection. In other cases, spyware is able to infect computers even if you use anti-virus software. After infection, the user’s Internet Explorer settings were changed, a “tracking cookie” installed, and an Internet site called findthewebsiteyouneed was accessed. Here is Symantec’s description of the exploit tool used: http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.ht ml Spyware is a growing threat to privacy. You may become a victim of spyware if you install certain software -- file sharing programs are notorious examples – or through other means of infection. Specialized tools are available to scan your computer in order to detect and remove spyware. Two of the most popular anti-spyware tools are Ad-aware and Spybot. You can download current versions of these tools from sites such as http://download.com . We also suggest that all computers be protected with current anti-virus software. The MSU Computer Store offers anti-virus tools at deep discounts, including McAfee anti-virus software for students for $10. See http://cstore.msu.edu . Also, all Windows users should run Windows Update on a regular basis in order to reduce the threat posed by vulnerabilities in the Windows operating system. See http://windowsupdate.microsoft.com . Finally, we urge MSU Webmasters to avoid using third party page counters. Using these page counters could expose your site visitors to similar risks. Moreover, by revealing http referrer information, these services could compromise the privacy of your site visitors, perhaps even violating MSU’s Acceptable Use Policy. Consider using Web log analysis software that aggregates statistics so as to preserve personal privacy in order to measure your site’s popularity. If you have any questions about spyware or safe computing, please contact [log in to unmask] or call 517-432-6200. Rich Wiggins Senior Information Technologist Academic Computing & Network Services [log in to unmask]