Typhoid adware is a type of computer security threat that uses a man-in-the-middle attack to inject advertising into the web pages a user visits while connected to a public network, such as a WiFi hotspot. Researchers from the University of Calgary identified the issue, which does not require the affected computer to have any adware installed in order for advertisements to appear on it. The researchers said that the threat had not yet been observed, but described its mechanism and potential countermeasures.
The environment the threat needs is an unencrypted wireless network, such as a wireless internet cafe or another WiFi hotspot. Typhoid adware tricks a laptop into recognizing it as the wireless provider and inserts itself into the path of the wireless connection between the computer and the actual provider. From that position the adware can insert various advertisements into the data stream so that they appear on the computer during the browsing session; even a video stream, e.g. from YouTube, may be modified in this way. What is more, the adware may run from an infected computer whose owner sees no symptoms at all, while neighboring computers are affected. For this latter peculiarity it was named in analogy with Typhoid Mary (Mary Mallon), the first identified person who never experienced any symptoms yet spread the infection. By the same token, running antivirus software on the affected computer is useless, since that computer has no adware installed.
While typhoid adware is a variant of the well-known man-in-the-middle attack, the researchers point out a number of new and important issues, such as the protection of video content and the growing availability of public wireless internet access points that are not well monitored.
The researchers say that annoying advertisements are only the tip of the iceberg: a more serious danger could come from, for example, promotions of rogue antivirus software that appear to originate from a trusted source.
Suggested countermeasures include:
- Various approaches by network administrators to detecting ARP spoofing, rogue DHCP servers and other man-in-the-middle tricks on the network
- Detection of content modification
- Detection of timing anomalies
All these approaches have been investigated earlier in other contexts.
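The following script is an added example, not code from the article or from the University of Calgary researchers. It sketches, in simplified form, each of the countermeasure families listed above: an ARP monitor that flags an IP address whose MAC changes (most seriously the gateway's) or a MAC that claims several IPs, a check for DHCP offers from servers that are not on an allow-list, a content-integrity check that compares a page received through the hotspot against a digest obtained out of band and lists the injected lines, and a timing check that flags a jump in round-trip time consistent with an extra hop having been interposed. All addresses, page bodies, timings and thresholds are constructed sample data, not values from the page.

```python
"""Added example: detectors for the typhoid-adware countermeasures listed
in the article (ARP spoofing, rogue DHCP, content modification, timing
anomalies), run over constructed sample observations."""
import difflib
import hashlib
import statistics
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"          # constructed: the hotspot's legitimate gateway
AUTHORIZED_DHCP = {"192.168.1.1"}   # constructed: DHCP servers allowed on this LAN

# Constructed ARP replies observed on the wireless segment: (time_s, sender_ip, sender_mac)
ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # real gateway announces itself
    (2.0, "192.168.1.20", "bb:bb:bb:bb:bb:20"),   # ordinary client
    (3.0, "192.168.1.1", "cc:cc:cc:cc:cc:99"),    # gateway IP now claimed by another MAC
    (4.0, "192.168.1.21", "cc:cc:cc:cc:cc:99"),   # same MAC also claims a second IP
]

# Constructed DHCP OFFER messages: (time_s, server_ip, offered_router)
DHCP_OFFERS = [
    (0.5, "192.168.1.1", "192.168.1.1"),
    (0.6, "192.168.1.77", "192.168.1.77"),        # unexpected server offering itself as router
]

# Constructed page bodies: the reference copy and the copy seen through the hotspot
REFERENCE_PAGE = b"<html>\n<body>\n<h1>News</h1>\n</body>\n</html>\n"
RECEIVED_PAGE = (b"<html>\n<body>\n<h1>News</h1>\n"
                 b"<div class=\"ad\">Buy now</div>\n</body>\n</html>\n")


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP):
    """Flag an IP whose MAC changes (HIGH if it is the gateway) and a MAC that claims several IPs."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for ts, ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            severity = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append((ts, severity, f"{ip} moved from {known} to {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((ts, "MEDIUM", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


def detect_rogue_dhcp(offers, authorized=AUTHORIZED_DHCP):
    """Any DHCP offer from a server outside the allow-list is reported."""
    return [(ts, "HIGH", f"DHCP offer from unauthorized {srv} (router {rtr})")
            for ts, srv, rtr in offers if srv not in authorized]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detect_content_modification(received: bytes, reference_digest: str) -> bool:
    """True if the page seen through the hotspot differs from a digest obtained out of band."""
    return sha256_hex(received) != reference_digest


def injected_lines(reference: bytes, received: bytes):
    """Lines present in the received page but absent from the reference copy."""
    diff = difflib.ndiff(reference.decode().splitlines(), received.decode().splitlines())
    return [line[2:] for line in diff if line.startswith("+ ")]


def detect_timing_anomaly(baseline_rtts_ms, recent_rtts_ms, factor=2.0):
    """An interposed host adds a hop; flag when the recent median RTT exceeds factor x baseline."""
    base = statistics.median(baseline_rtts_ms)
    recent = statistics.median(recent_rtts_ms)
    return recent > factor * base, base, recent


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES) + detect_rogue_dhcp(DHCP_OFFERS):
        print("ARP/DHCP", alert)
    if detect_content_modification(RECEIVED_PAGE, sha256_hex(REFERENCE_PAGE)):
        print("content modified; injected:", injected_lines(REFERENCE_PAGE, RECEIVED_PAGE))
    flagged, base, recent = detect_timing_anomaly([10, 11, 10, 12, 11], [30, 28, 35])
    print("timing anomaly:", flagged, "baseline", base, "ms recent", recent, "ms")
```

The content check only works if the reference digest arrives over a channel the hotspot cannot alter (a previously cached copy, an authenticated connection, or a separate network); a digest fetched through the same untrusted path could be rewritten along with the page. The ARP and DHCP monitors run from the network administrator's vantage point, as the article describes, and the timing check is deliberately coarse: a median jump is a prompt to investigate, not proof of interposition.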
- Countermeasure (computer)
- Mobile virus
- Piggybacking (Internet access)
- Threat (computer)
- Vulnerability (computing)
- Wireless LAN security
- Wireless intrusion prevention system