money://@surf.mar@ and @signup.mar@

The 'surf.mar' or 'signup.mar' messages are related to MSN and Microsoft Money and are seen in a number of places. The most common way that they are found are through anti-spyware programs, or through curious browsing.

If you are using Microsoft Money, then you may notice money://@surf.mar@ in the Internet Explorer Local Intranet Zone (under control panel -> Internet Explorer -> Security -> Local Intranet -> Sites -> Advanced).

If you browse to that location, with Microsoft Money installed, you'll find it starts the program. This is because Microsoft Money is built on Internet Explorer, and it appears that this is the mechanism within the program to launch pages and navigate within itself. It is not because something external has infiltrated your machine.

You can see the entry within your Internet options below.

@surf.mar@ reference in Internet Explorer

A couple of examples of its use in Microsoft Money are below (paste these into a browser, if you have Money installed):


It is possible to delete the entry in IE, but it sometimes can reappear when starting Microsoft Money again. In fact, some people only see it in the local intranet area if Microsoft Money is running on the machine.
Microsoft Antispyware popup for Trusted Site //@surf.mar@ and @signup.mar@
This message appears when the Microsoft Money or MSN software is installed with the Microsoft Antispyware tool running. The item is also part of Money, but related to the login (Money can use Microsoft Passport as a login mechanism). You should accept this protocol in the antispyware program or else Microsoft Money might not work correctly. The message you will see in a typical antispyware package is displayed on the right (example from Microsoft Antispyware).

If you are using MSN - either the MSN package or the portfolio manager, then you may see a similar item "//@signup.mar@" (This can also be displayed when running Microsoft Money).

When installing MSN, this message can appear in the Microsoft Antispyware tool. You should allow it in the tool or else the MSN package will not function correctly. However, if it occurs in any other non-Microsoft packages, you should be very wary.

In your Antispyware logs, you will see a message similar to:
Internet Explorer Trusted Sites alert

Occurred on: 06/01/2005 at 18:37:15

The user Glyn, has decided to allow the trusted site //@signup.mar@ to Internet Explorer.

About Internet Explorer Trusted Sites: Trusted Sites are web sites that you trust not to damage your computer. Internet Explorers security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run while using that zone. It is also possible to add domains (sites) to particular zones, so that if you are browsing in a web site that is part of a zone that has low security, then you will be allowed to run scripts, potentially d angerous ones, from that web site.
See also Article 149 and Browser Shortcuts - these show some of the ways you can use the reference to access parts of Microsoft Money.

Category: Other

Keywords: AntiSpyware, MSN