Researchers Target Wireless Users With Viral Adware

Researchers from the University of Calgary, in Alberta, Canada, have developed proof-of-concept implementations of a scheme that exploits unencrypted wireless connections to blast PCs with ads.

In a paper on 9 March, the researchers described how the adware—dubbed Typhoid—convinces laptops to communicate with it as opposed to a legitimate access point. Next, the adware inserts its advertisements in videos and Web pages on other computers.

Typhoid Adware

The computers it targets do not see the adware, because it is not installed on their machines. Likewise, the user whose computer is infected with the adware does not see any ads, so the user may not know the machine has been compromised. The researchers named the threat after Typhoid Mary, who unknowingly infected people with typhoid fever.

“Typhoid adware is designed for public places where people bring their laptops,” Associate Professor John Aycock, co-author of the paper, said in a statement on 21 May. “It’s far more covert, displaying advertisements on computers that don’t have the adware installed, not the ones that do.”

According to the authors, Typhoid adware can be implemented using techniques such as ARP (Address Resolution Protocol) spoofing and proxies, and was successfully demonstrated in both wired and wireless networks modifying a variety of content that included streaming video. “Even in the most overhead-intensive case, streaming video, the victim still receives the content in a reasonable time,” the authors wrote in the paper.

Defences against Typhoid

The researchers offered up “a number of defenses” against Typhoid, including “protecting the content of videos to ensure that what users see comes from the original source,” the university statement said. Another defense is to “tell laptops they are at an Internet cafe to make them more suspicious of contact from other computers.”

“When you go to an Internet cafe, you tell your computer you are there and it can put up these defenses,” Aycock said. “Antivirus companies can do the same thing through software that stops your computer from being misled and redirected to someone else.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
Tags: Wireless

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago