What Is IE Snare And How To Remove It
August 15, 2016
There is a lot of mistrust in the matched betting community, and the wider gambling community in general, about IE Snare, a fraud protection system developed by Iovation. IE Snare is used by a number of online betting sites to counter fraud and abuse of their terms and conditions which has raised concerns that customers may be being spied on from their own computers.
What is IE Snare and what does it do?
Iovation is a big player in the world of online fraud management and actively target the online gaming sector who they see as vulnerable to online fraud and abuse. IE Snare is often referred to as spyware which is used to protect online businesses by matching distinct device identities to online accounts and sharing the information with other organisations on the IE Snare network.
For legal reasons, it cannot store any personal information about you but can share a lot of details about your computer and its browsing habits. Among the many details taken from your device are:
- Identification data about your computer
- Browser and operating system information
- Information about your registry
- Web pages visited
- Time spent on websites
Basically, it creates a ”fingerprint” which allows bookmakers to track activity from the computer. It is designed to be used to help stop customers who have engaged in undesirable activity such as credit card fraud, collusion, claims fraud among other security breaches. It is done by giving the device a score, much like a credit rating, which can be used to refuse account applications.
Should matched bettors be worried about IE Snare?
As intrusive as IE Snare is, it doesn’t stop you from having accounts with as many bookmakers as you want. What it can do is detect multiple accounts being used from the same PC, which is against the terms and conditions of many betting sites.
Theoretically, your device can be tagged for arbing and trading restrictions but it is unlikely since it’s understood that Iovation makes the decision to flag a device automatically based on its score, which could be for any number of violations of terms and conditions.
There is no evidence to suggest that bookmakers are using the data stored by Iovation to monitor bonus abuse, arbing or unprofitable business as they have more than adequate in-house data management solutions for this. It’s highly unlikely they share this information with each other as it is illegal and far too big a corporate risk.
What may be more of a concern is that Iovation can sell the data about your device to just about anyone and this study at the University of California shows it is largely being sold on for the purpose of malware and spam.
How can I tell if IE Snare is installed on my computer?
The easiest way to check if IE Snare has been downloaded onto your computer is to use the file search function on your device.
Type “mpsnare” into the search box and if IE Snare has been used on your computer it will be found in one of the following folders:
- #mpsnare.iesnare.com
- #ci-mpsnare-iovation.com
- mpsnare.iesnare.com
- ci-mpsnare.iovation.com
To remove IE Snare from your system, simply delete any of the above folders found in your search.
There are so many gambling websites using IE Snare that if you’ve found it, there is a chance it will install on your device again and you may want to take steps to block it.
I’ve run this check and not found any mpsnare folders or files on my computer. The following information is therefore, not thoroughly tested by me and should be followed at your own risk.
How to block IE Snare
You can block IE Snare by fooling your computer into thinking that the IE Snare website is actually hosted on your own computer. So every time it tries to connect with one of the IE Snare sites the connection is made to your computer where it is rendered harmless because you are not running a web server (or the scripts required to understand what’s going on).
You do this by modifying your hosts file on Windows pc, as follows:
Make sure you are logged in as administrator
Click the Start button, click Notepad (or type Notepad in the search box)
Right-click on the Notepad item which appears at the top of the list
Choose “Run as administrator” which opens an “Untitled” file
Go to File and click Open
In the File name box, enter “C:\WINDOWS\system32\drivers\etc”.
In the drop down box, select “All Files” and click “Open”
Right click on “hosts” file (make sure it only says hosts, not hosts.bak or hosts.txt)
Go to “Properties” and uncheck “Read-only” box at bottom beside “Attributes”
Click “Apply” then “OK”
Now double click “hosts” to open the file
Copy and Paste the following lines in the next line below where it says “127.0.0.1 localhost”
127.0.0.1 iesnare.com
127.0.0.1 iesnare.co.uk
127.0.0.1 www.iesnare.co.uk
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.co.uk
127.0.0.1 www.mpsnare.iesnare.com
127.0.0.1 www.mpsnare.iesnare.co.uk
127.0.0.1 ci-mpsnare.iesnare.com
127.0.0.1 ci-mpsnare.iesnare.co.uk
127.0.0.1 www.ci-mpsnare.iesnare.com
127.0.0.1 www.ci-mpsnare.iesnare.co.uk
127.0.0.1 admin.iesnare.co.uk
127.0.0.1 www.admin.iesnare.com
127.0.0.1 www.admin.iesnare.co.uk
127.0.0.1 iovation.com
127.0.0.1 iovation.co.uk
127.0.0.1 www.iovation.com
127.0.0.1 www.iovation.co.uk
127.0.0.1 www.iesnare.com
127.0.0.1 admin.iesnare.com
127.0.0.1 dra.iesnare.com
127.0.0.1 impsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mx.iesnare.com
127.0.0.1 snare.iesnare.com
127.0.0.1 iovation.com
127.0.0.1 accountlock-demo.iovation.com
127.0.0.1 admin.iovation.com
127.0.0.1 bam-pilot.iovation.com
127.0.0.1 batch.iovation.com
127.0.0.1 ci-accountlock.iovation.com
127.0.0.1 ci-admin.iovation.com
127.0.0.1 ci-mpsnare.iovation.com
127.0.0.1 ci-snare.iovation.com
127.0.0.1 dv-fw-a-nat.iovation.com
127.0.0.1 ioit.iovation.com
127.0.0.1 mx.iovation.com
127.0.0.1 p.iovation.com
127.0.0.1 rm-admin-demo.iovation.com
127.0.0.1 soap.iovation.com
127.0.0.1 test.iovation.com
127.0.0.1 testgw.iovation.com
Go to “File” and click “Save”
Close Notepad, restart your computer and your are done.
Check IE Snare is blocked
You can check your changes to the “host” file have worked as follows:
Type “cmd” in the search box and left click cmd.exe to open
Type “ping mpsnare.iesnare.com”
You should see a reply from 127.0.0.1 as follows
Pinging mpsnare.iesnare.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Instructions for Mac computers
Launch Terminal, found in /Applications/Utilities/ or launched through Spotlight
Type the following command at the prompt to backup hosts file to documents folder:
sudo cp /private/etc/hosts ~/Documents/hosts-backup
Type the following command at the prompt to open hosts file:
sudo nano /private/etc/hosts
Enter the administrator password when requested – you will not see it typed on screen – then press enter/return
Once the hosts file is loaded within nano, use the arrow keys to navigate to the bottom of the hosts file to make your modifications. Add the same lines as in the instructions above:
127.0.0.1 iesnare.com
127.0.0.1 iesnare.co.uk
127.0.0.1 www.iesnare.co.uk
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.co.uk
127.0.0.1 www.mpsnare.iesnare.com
127.0.0.1 www.mpsnare.iesnare.co.uk
127.0.0.1 ci-mpsnare.iesnare.com
127.0.0.1 ci-mpsnare.iesnare.co.uk
127.0.0.1 www.ci-mpsnare.iesnare.com
127.0.0.1 www.ci-mpsnare.iesnare.co.uk
127.0.0.1 admin.iesnare.co.uk
127.0.0.1 www.admin.iesnare.com
127.0.0.1 www.admin.iesnare.co.uk
127.0.0.1 iovation.com
127.0.0.1 iovation.co.uk
127.0.0.1 www.iovation.com
127.0.0.1 www.iovation.co.uk
127.0.0.1 www.iesnare.com
127.0.0.1 admin.iesnare.com
127.0.0.1 dra.iesnare.com
127.0.0.1 impsnare.iesnare.com
127.0.0.1 mpsnare.iesnare.com
127.0.0.1 mx.iesnare.com
127.0.0.1 snare.iesnare.com
127.0.0.1 iovation.com
127.0.0.1 accountlock-demo.iovation.com
127.0.0.1 admin.iovation.com
127.0.0.1 bam-pilot.iovation.com
127.0.0.1 batch.iovation.com
127.0.0.1 ci-accountlock.iovation.com
127.0.0.1 ci-admin.iovation.com
127.0.0.1 ci-mpsnare.iovation.com
127.0.0.1 ci-snare.iovation.com
127.0.0.1 dv-fw-a-nat.iovation.com
127.0.0.1 ioit.iovation.com
127.0.0.1 mx.iovation.com
127.0.0.1 p.iovation.com
127.0.0.1 rm-admin-demo.iovation.com
127.0.0.1 soap.iovation.com
127.0.0.1 test.iovation.com
127.0.0.1 testgw.iovation.com
When finished, hit Control+O followed by ENTER/RETURN to save changes to /private/etc/hosts, then hit Control+X to exit out of nano
Comments
James Ragen says
Hello Graham,
Thank you for this very eye opening post, it is very useful! I have a question in regards of the mac instructions. When i check if it's working on mine, it comes up with exactly the same stuff as you have displayeed but 64 bytes and not 32. Do you know why this could be?
And also, if i wanted to undo this, do you know how this can be done?
Thank you
James
says
Hi James
64 bytes is the packet size transmitted across the network and is a variable which can differ from OS to OS. Microsoft's defaults at 32 but it doesn't matter too much if it's 32 or 64.
To undo the block on IE Snare simply delete the entries you made to the hosts file.
Best regards
Graham