Typhoid Adware
Typhoid adware is a type of computer security threat that uses a man-in-the-middle attack to inject advertising into web pages a user visits when using a public network, like a Wi-Fi hotspot. Researchers from the University of Calgary identified the issue, which does not require the affected computer to have adware installed in order to display advertisements on this computer. The researchers said that the threat was not yet observed, but described its mechanism and potential countermeasures. ["Will Typhoid adware become an epidemic?"; "Beware Typhoid Adware"]


Description

The environment in which the threat works is an area of non-encrypted wireless connection, such as a wireless internet cafe or other Wi-Fi hotspots. Typhoid adware would trick a laptop into recognizing it as the wireless provider and insert itself into the route of the wireless connection between the computer and the actual provider. After that, the adware may insert various advertisements into the data stream so that they appear on the computer during the browsing session. In this way even a video stream, e.g., from YouTube, may be modified.

What is more, the adware may run from an infected computer whose owner would not see any manifestations, yet it will affect neighboring computers. Because of this peculiarity it was named by analogy with Typhoid Mary (Mary Mallon), the first identified person who never experienced any symptoms yet spread infection. At the same time, running antivirus software on the affected computer is useless, since it has no adware installed.

The implemented proof of concept was described in an article written in March 2010 by Daniel Medeiros Nunes de Castro, Eric Lin, John Aycock, and Mea Wang ("Typhoid Adware"). While typhoid adware is a variant of the well-known man-in-the-middle attack, the researchers point out a number of new important issues, such as protection of video content and the growing availability of public wireless internet access points that are not well monitored. Researchers say that annoying advertisements are only the tip of the iceberg. A serious danger may come from, e.g., promotions of rogue antivirus software seemingly coming from a trusted source.


Defenses

Suggested countermeasures include:

* Various approaches to detection of ARP spoofing, rogue DHCP servers and other "man-in-the-middle" tricks in the network by network administrators
* Detection of content modification
* Detection of timing anomalies
* Using encrypted connections, such as using HTTPS for Web browsing. Encryption prevents MITM attacks from succeeding; common Web browsers would display a security warning if the adware on the infected computer modified the encrypted traffic while in transit to the uninfected victim. Websites are increasingly upgrading to HTTPS, and as of 2019, there are new methods for encrypting other kinds of Internet traffic, such as recursive DNS.

All these approaches have been investigated earlier in other contexts.
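The first countermeasure above, detection of ARP spoofing by a network administrator, can be sketched as follows. This is an added example, not code from the researchers' article; the addresses are constructed sample data, and treating the first MAC seen for an IP as the trusted baseline is an assumption of the sketch.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies seen
# on a hotspot. All addresses are made up for illustration.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:00:00:01"),   # real gateway
    (1.0, "192.168.1.23", "bb:bb:bb:00:00:23"),  # ordinary laptop
    (2.0, "192.168.1.42", "cc:cc:cc:00:00:42"),  # laptop that later spoofs
    (30.0, "192.168.1.1", "cc:cc:cc:00:00:42"),  # gateway IP claimed by .42's MAC
    (31.0, "192.168.1.1", "cc:cc:cc:00:00:42"),  # repeated spoofed reply
    (60.0, "192.168.1.23", "bb:bb:bb:00:00:23"),
]

def find_arp_anomalies(replies, gateway_ip):
    """Flag IPs whose MAC changes and MACs that claim the gateway plus a host IP."""
    baseline = {}                  # IP -> first MAC seen (assumed trustworthy)
    mac_to_ips = defaultdict(set)  # MAC -> every IP it has claimed
    seen, alerts = set(), []

    def alert(ts, kind, ip, mac, detail):
        key = (kind, ip, mac)
        if key not in seen:        # report each distinct finding once
            seen.add(key)
            alerts.append({"time": ts, "kind": kind, "ip": ip,
                           "mac": mac, "detail": detail})

    for ts, ip, mac in replies:
        mac = mac.lower()
        first = baseline.setdefault(ip, mac)
        if first != mac:
            kind = "gateway-rebind" if ip == gateway_ip else "ip-rebind"
            alert(ts, kind, ip, mac, f"baseline MAC was {first}")
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if gateway_ip in claimed and len(claimed) > 1:
            alert(ts, "mac-claims-gateway-and-host", gateway_ip, mac,
                  sorted(claimed))
    return alerts

if __name__ == "__main__":
    for a in find_arp_anomalies(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(a)
```

In the sample, the neighboring laptop's MAC starts answering for the gateway address, which is the position typhoid adware needs in order to sit in the route between victim and provider.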


See also

* Countermeasure (computer)
* Mobile virus
* Piggybacking (Internet access)
* Threat (computer)
* Vulnerability (computing)
* Wireless LAN security
* Wireless intrusion prevention system

