U.S. universities are struggling with a flare-up of dangerous spyware that can snoop on information encrypted using SSL (Secure Sockets Layer). Experts are warning that the stealthy software, called Marketscore, could be used to intercept a wide range of sensitive information, including passwords and health and financial data.

In recent weeks, IT departments at a number of universities issued warnings about problems caused by the Marketscore software, which promises to speed up Web browsing. The program, which routes all user traffic through its own network of servers, poses a real threat to user privacy, security experts agree.

Columbia University, Cornell University, Indiana University, The State University of New York (SUNY) at Albany, and The Pennsylvania State University are among those noting an increase in the number of systems running Marketscore software in recent weeks. Each institution warned their users about Marketscore and posted instructions for removing the software.

The software is bundled with iMesh peer-to-peer software, and may have made it onto university networks that way, said David Escalante, director of computer security at Boston College.

The company that makes the software, Marketscore, has headquarters in Reston, Va., at the same mailing address as online behavior tracking company ComScore Networks.

ComScore CEO Magid Abraham said that the Marketscore software is similar to other market research tools, in which subjects agree to give information in exchange for a gift or valuable service. In the case of Marketscore, the premium for sharing information is use of the acceleration software, he said.

Reports of infected systems on campuses ranged from a handful up to about 200 on one large campus network, Escalante said.

Marketscore is just the latest incarnation of a spyware program called Netsetter, which first appeared in January, said Sam Curry, vice president of eTrust Security Management at Computer Associates.

"Basically it takes all your Web traffic and forces it through its own proxy servers," he said.

Ostensibly, the redirection speeds up Web surfing, because pages cached on Marketscore's servers load faster than they would if they were served directly from the actual Web servers for sites such as Google.com or Yahoo.com. However, those performance benefits have been elusive.

"People who have installed the software complain to us that they're not getting any improvement," Curry said.

Richard Smith, an independent software consultant in Boston, is also skeptical of performance improvement claims made by Marketscore and others, especially since many Internet service providers already offer Web caching for their dial-up customers, he said in an e-mail message.

But tests conducted by ComScore of Web surfing performance over dial-up connections with a variety of ISPs show that the Marketscore software shortened page loading times for most ISP customers by 40%, Abraham said.

He acknowledged that some dial-up customers may not notice improvements, depending on their ISP, and that broadband customers would hardly notice the improvement in page loading times because of the speed with which Web pages load over those connections.

At Cornell, the university IT Security Office blocked connections between Cornell's network and the Marketscore servers, according to a message posted on the university's Web site. Administrators at SUNY Albany took similar steps, according to a message posted on that university's Web site.

The IDG News Service is a Network World affiliate.