Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43436
  • Total Topics: 16530
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2963
Total: 2966









Author Topic: New Threat for Wireless Networks - Typhoid Adware  (Read 3567 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Computer security researchers at the University of Calgary have developed a way to distribute adware without having to convince potential victims to install the adware on their computers.

The researchers -- associate professor John Aycock, assistant professor Mea Wang, and students Daniel Medeiros Nunes de Castro and Eric Lin -- call their attack as "Typhoid Adware" because it spreads like a contagion from an infected computer to other computers connected to the same WiFi hotspot or wired network.

"Not only are ads annoying but they can also advertise rogue antivirus software that's harmful to your computer, so ads are in some sense the tip of the iceberg," said Aycock in a statement.

What makes the attack interesting is that the user of the contagious computer, like the historical figure Typhoid Mary, is likely to be unaware of his or her role in spreading ads to other computers on the same network. What's more, those receiving the ads won't find any malware on their machines, assuming it's adware rather than malicious software that's being spread.

"We have developed three proofs of concept to demonstrate that this is a viable threat, tested it on wired and wireless networks, and inserted advertisements into both HTML and streaming video," the researchers claim in a paper describing the attack published in March and presented in May. "The general idea can be extended for other types of network and applications": http://pages.cpsc.ucalgary.ca/~aycock/papers/eicar10.pdf

The attack involves a form of Address Resolution Protocol (ARP) spoofing in which machines connecting to the network are duped into treating the infected computer as the network gateway rather than the actual router. It is thus a man-in-the-middle attack.

The researchers demonstrated that they could re-write HTML to insert unauthorized ads over authorized ones and to alter Web page text. This technique could just as easily be used to insert a malicious iFrame.

They also showed that they could insert JavaScript, to deliver pop-up banners or floating text ads.

In addition, they demonstrated that they could insert ads into video requested by victims, by caching and altering Flash video files and Flash video streams.

As a defense, the researchers propose a special Internet cafe setting designed to prevent ARP spoofing.

"Our special setting would gather the MAC address of that router and automatically set it in the static IP-to- MAC mapping table at the client’s machine," the researchers explain. "By doing this, even if a malicious node is able to send fake ARP messages to the router, the ARP spoofing process would fail as the potential victim would not accept the malicious MAC address as being the router's."

(Techweb)

Samker's Computer Forum - SCforum.info


luffy

  • SCF Member
  • **
  • Posts: 44
  • KARMA: 13
Re: New Threat for Wireless Networks - Typhoid Adware
« Reply #1 on: 24. May 2010., 07:05:50 »
No more free Wifi >:D.

Samker's Computer Forum - SCforum.info

Re: New Threat for Wireless Networks - Typhoid Adware
« Reply #1 on: 24. May 2010., 07:05:50 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023