Typhoid adware
Typhoid adware is a new potential type of computer security threat, identified by researchers from the University of Calgary, which does not require the affected computer to have adware installed in order to display advertisements on that computer. The researchers said that the threat had not yet been observed, but described its mechanism and potential countermeasures.

Description

The environment in which the threat works is an area of non-encrypted wireless connection, such as a wireless internet cafe or other WiFi hotspot. Typhoid adware would trick a laptop into recognizing it as the wireless provider and insert itself into the route of the wireless connection between the computer and the actual provider. After that, the adware may insert various advertisements into the data stream, which appear on the computer during the browsing session. In this way even a video stream, e.g., from YouTube, may be modified. What is more, the adware may run from an infected computer whose owner would not see any manifestations, yet it will affect neighboring ones. For the latter peculiarity it was named by analogy with Typhoid Mary (Mary Mallon), the first identified person who never experienced any symptoms yet spread infection. At the same time, running antivirus software on the affected computer is useless, since it has no adware installed.

The implemented proof of concept was described in an article written in March 2010 by Daniel Medeiros Nunes de Castro, Eric Lin, John Aycock, and Mea Wang.

While typhoid adware is a variant of the well-known man-in-the-middle attack, the researchers point out a number of important new issues, such as the protection of video content and the growing availability of public wireless internet access, which is not well monitored.

Researchers say that annoying advertisements are only the tip of the iceberg. A serious danger may come from, e.g., promotions of rogue antivirus software seemingly coming from a trusted source.

Defenses

Suggested countermeasures include:
  • Various approaches to detection of ARP spoofing, rogue DHCP servers and other "man-in-the-middle" tricks in the network by network administrators
  • Detection of content modification
  • Detection of timing anomalies

All these approaches have been investigated earlier in other contexts.
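
The first countermeasure listed above, detection of ARP spoofing by the network administrator, can be sketched as a passive check on IP-to-MAC bindings. This is an added example, not code from the article or from the researchers' paper; the addresses, the tuple format and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations (seconds, sender IP, sender MAC), as a sensor on a
# hotspot LAN might record them from ARP replies. All addresses are made up.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:00:00:01"),    # gateway
    (1.0, "192.168.1.23", "bb:bb:bb:00:00:23"),   # laptop A
    (2.0, "192.168.1.42", "cc:cc:cc:00:00:42"),   # laptop B
    (30.0, "192.168.1.1", "cc:cc:cc:00:00:42"),   # laptop B answers for the gateway
    (31.0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # real gateway answers
    (32.0, "192.168.1.1", "cc:cc:cc:00:00:42"),   # conflicting answer again
]


def find_arp_anomalies(replies, pinned=None):
    """Return (time, kind, ip, mac) alerts for suspicious ARP replies.

    pinned holds known-good {ip: mac} bindings (for example the gateway).
    Any other IP is trusted on first use, which assumes that monitoring
    started before any spoofing did.
    """
    expected = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    alerts = []
    for when, ip, mac in replies:
        mac = mac.lower()
        # A reply that contradicts the expected binding is the core signal.
        if expected.setdefault(ip, mac) != mac:
            alerts.append((when, "binding-conflict", ip, mac))
        # One MAC answering for several IPs suggests a host placing itself
        # in the path of other stations; report each extra IP once.
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append((when, "mac-multi-ip", ip, mac))
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:aa:aa:00:00:01"}
    for alert in find_arp_anomalies(SAMPLE_ARP_REPLIES, pinned=gateway):
        print(alert)
```

Both alert kinds also have benign causes, such as a reused DHCP lease, a replaced access point or proxy ARP, so they are inputs for triage rather than verdicts.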

See also

  • Countermeasure (computer)
  • Mobile virus
  • Piggybacking (Internet access)
  • Threat (computer)
  • Vulnerability (computing)

  • Wireless LAN security
  • Wireless intrusion prevention system
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 