Typhoid adware

From Wikipedia, the free encyclopedia
Jump to: navigation, search
How typhoid adware works

Typhoid adware is a type of computer security threat that uses a Man-in-the-middle attack to inject advertising into web pages a user visits when using a public network, like a WiFi hotspot. Researchers from the University of Calgary identified the issue, which does not require the affected computer to have adware installed in order to display advertisements on this computer. The researchers said that the threat was not yet observed, but described its mechanism and potential countermeasures.[1][2]


The environment for the threat to work is an area of non-encrypted wireless connection, such as a wireless internet cafe or other WiFi hotspots. Typhoid adware would trick a laptop to recognize it as the wireless provider and inserts itself into the route of the wireless connection between the computer and the actual provider. After that the adware may insert various advertisements into the data stream to appear on the computer during the browsing session. In this way even a video stream, e.g., from YouTube may be modified. What is more, the adware may run from an infested computer whose owner would not see any manifestations, yet will affect neighboring ones. For the latter peculiarity it was named in an analogy with Typhoid Mary (Mary Mallon), the first identified person who never experienced any symptoms yet spread infection.[1][3] At the same time running antivirus software on the affected computer is useless, since it has no adware installed.

The implemented proof of concept was described in an article written in March 2010, by Daniel Medeiros Nunes de Castro, Eric Lin, John Aycock, and Mea Wang.[3]

While typhoid adware is a variant of the well-known man-in-the-middle attack, the researchers point out a number of new important issues, such as protection of video content and growing availability of public wireless internet access which are not well-monitored.[3][4]

Researchers say that annoying advertisements are only the tip of the iceberg. A serious danger may come from, e.g., promotions of rogue antivirus software seemingly coming from a trusted source.[1]


Suggested countermeasures include:

All these approaches have been investigated earlier in other contexts.[3]

See also[edit]