Block IE Snare and get your defences up

Block IE Snare and get your defences up

Quite a few of you have been asking about whether Bookmakers can tell what you are doing and if you will get your accounts shut down, so here are the answers to those questions and what you can do about it.

What on earth is IE Snare?

IE snare is a web tool used by a majority of the online bookmakers in order to counter ‘fraud and abuse’. It tracks information about your computer and browsing habits including:

  • Websites visited
  • Time spent on websites
  • Unique information about your computer

All of this allows the bookmakers to track where you’ve been and gives them an idea of what you’ve been doing there.

Why would this matter to me?

Online bookmakers are keen to identify anyone that they might consider as a ‘sharp punter’ -anyone who is going to cost them money. Matched Betting is a great example of how some people are able to make money for themselves at the expense of the bookmaker’s profit and so they’re keen to catch us.

By tracking your internet history, bookmakers are able to spot people who constantly bounce between many different online betting sites and the big online betting exchanges like Betfair. If they think that you may be a matched bettor or sharp punter who’s shopping around for the very highest odds on a bet; it’s possible that they’ll ban you from receiving any more free bet promotions – this is called ‘being gubbed’.

Can I check if I’ve been infected?

The easiest way to check is to run a search on your computer for ‘mpsnare’

If IE Snare has been installed on your machine then it will find one or more of the following folders:

  • #mpsnare.iesnare.com
  • #ci-mpsnare-iovation.com
  • mpsnare.iesnare.com
  • ci-mpsnare.iovation.com

Another way is to run a command prompt (Go to Start – Run – ‘CMD’):

snare1

Then in the black box type: dir mp*.com/s

 How to remove IE Snare

Removing IE Snare is as simple as deleting the folders found from the above searches. This will remove all history that IE Snare has stored and so you will be safe until it gets installed onto your machine again.

Given that many online betting sites are using IE Snare, there is a good chance your machine will become infected again and so you should block IE Snare before you get infected.

How to block IE Snare

Blocking IE Snare won’t stop it from being installed onto your computer, but it does stop it from reporting back any ‘findings’ to the betting sites, therefore making it useless at tracking your matched betting activities. So, to stop it from reporting back you need to amend your computer’s ‘host file’.

– Go to: Start – Run – Notepad – Right click on ‘notepad’ and select ‘Run as Administrator’

snare2

Within Notepad go to: File – Open

Then in the drop-down box select ‘All Files’:

snare3

In the File Name box type: C:\Windows\System32\Drivers\Etc and then press ‘Open’

snare4

Right click on ‘hosts’ and select ‘Properties’ from the bottom of the list

 

 

snare5a

Ensure that the box next to ‘Read-Only’ is unticked

snare5

Click ‘Apply’ then ‘OK’. Now double click on ‘hosts’. It will open up and look like this:

snare6

Copy and paste all of the below into the Notepad below the line ‘127.0.0.1 localhost’:

127.0.0.1iesnare.com
127.0.0.1iesnare.co.uk
127.0.0.1www.iesnare.co.uk
127.0.0.1mpsnare.iesnare.com
127.0.0.1mpsnare.iesnare.co.uk
127.0.0.1www.mpsnare.iesnare.com
127.0.0.1www.mpsnare.iesnare.co.uk
127.0.0.1ci-mpsnare.iesnare.com
127.0.0.1ci-mpsnare.iesnare.co.uk
127.0.0.1www.ci-mpsnare.iesnare.com
127.0.0.1www.ci-mpsnare.iesnare.co.uk
127.0.0.1admin.iesnare.co.uk
127.0.0.1www.admin.iesnare.com
127.0.0.1www.admin.iesnare.co.uk
127.0.0.1iovation.com
127.0.0.1iovation.co.uk
127.0.0.1www.iovation.com
127.0.0.1www.iovation.co.uk
127.0.0.1www.iesnare.com
127.0.0.1admin.iesnare.com
127.0.0.1dra.iesnare.com
127.0.0.1impsnare.iesnare.com
127.0.0.1mpsnare.iesnare.com
127.0.0.1mx.iesnare.com
127.0.0.1snare.iesnare.com
127.0.0.1iovation.com
127.0.0.1accountlock-demo.iovation.com
127.0.0.1admin.iovation.com
127.0.0.1bam-pilot.iovation.com
127.0.0.1batch.iovation.com
127.0.0.1ci-accountlock.iovation.com
127.0.0.1ci-admin.iovation.com
127.0.0.1ci-mpsnare.iovation.com
127.0.0.1ci-snare.iovation.com
127.0.0.1dv-fw-a-nat.iovation.com
127.0.0.1ioit.iovation.com
127.0.0.1mx.iovation.com
127.0.0.1p.iovation.com
127.0.0.1rm-admin-demo.iovation.com
127.0.0.1soap.iovation.com
127.0.0.1test.iovation.com
127.0.0.1 testgw.iovation.com

So it now looks like:

snare7

Go to File and click ‘Save’

snare8

Close notepad, restart your machine and that’s it.

How to check that it has worked

You can check the block has worked by:

Start – Run – CMD

Then in the black box type:

ping mpsnare.iesnare.com

The reply should come back from 127.0.0.1 and look like:

Pinging mpsnare.iesnare.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Hope that's of some help to you all.

Emma

 

Posted on: November 10, 2016