When ISPs Attack!

Here is a scary story about a company, Nebuad (no link juice for you!) that performs a MITM attack all in the name of better ads. Now sniffing to get better data on your customers has been around for a while. In fact I worked at a company that did this as part of our offering. Where NebuAd goes over the line is they manipulate the traffic to get their ad code in the mix.

But Free Press and Public Knowledge found that sometimes when a WOW subscriber visited Yahoo or Google, NebuAd faked an additional packet of data that appears to be the last part of the downloaded Google webpage. The extra packet included NebuAd-written JavaScript that directs users’ browsers to a NebuAd-owned domain named faireagle.com, where the company drops tracking cookies from other domains and companies on the user’s computer. These can be used later to deliver customized ads based off analysis of where people have gone on the web or what search terms they have used.

Cool so not only are they sniffing traffic they are now inject JavaScript and making it appear to originate from Google. This technique is the same one used by the ever popular and super fun Airpwn. Now what would happen if NebuAds servers where compromised? The ultimate JS malware distrubution platform would be born!


Leave a Reply

Your email address will not be published. Required fields are marked *