Software programs that insert new ads or replace existing ones on pages that Internet users visit when browsing the Web present a clear and growing security danger, Google said in a report released this week.
The report, developed in conjunction with researchers at the University of California at Berkeley and at Santa Barbara, examined the prevalence of ad injector programs on the Web.
To conduct the study, the researchers built what Google described as an ad injector detector for Google sites and observed the programs in action over the course of several months in 2014. What they discovered was that more than 5.5 percent of all unique IP addresses accessing Google sites—a number thought to be in the millions—were infected with ad injection programs.
“Deceptive ad injection is a significant problem on the web today,” Kurt Thomas, a member of Google’s spam and abuse research team, said in a blog post. “Unwanted ad injectors are not only annoying, they can pose serious security risks to users as well.” According to Google, the problems caused by ad injectors have become so acute that the company has received more than 100,000 complaints about it from Chrome users just since the beginning of this year.
Ad injectors infect browsers like Chrome, Internet Explorer and Safari and basically are used to serve up unwanted ads on pages that users may be browsing at a particular time. Distributors of these programs typically make money on every click that users make on the ads that are served up.
During the study, the researchers from Google and the other organizations discovered a staggering 50,000 browser extensions and more than 30,000 software applications capable of taking control of a user’s browser to inject ads.
“Upwards of 30% of these packages were outright malicious and simultaneously stole account credentials, hijacked search queries, and reported a user’s activity to third parties for tracking,” Thomas said. An astonishing 5.1 percent of all page views on Windows and 3.4 percent of page views on Mac showed signs of ad injection, he noted.
Ad injection malware is distributed in a variety of ways but most commonly by bundling it with other free and popular software downloads. Malware distribution and social advertising campaigns are two other fairly typical ways in which the injectors are distributed. During the study, the researchers found that ad affiliation networks play a major part in delivering the malware on end-user browsers.
The ads that these injectors deliver come from a collection of about two dozen businesses that supply “injection libraries” containing ads to be served up on a user’s browsers. Many of the ads that are being illegally injected actually are from legitimate businesses that have little inkling of what is going on or how their advertisements are being manipulated to drive traffic to their sites.
Google and the other researchers discovered more than 3,000 advertisers whose ads were being displayed improperly on end-user browsers via ad injectors. Among the companies whose advertisements were being delivered this way were Walmart, Sears, Target and eBay.
“Because advertisers are generally only able to measure the final click that drives traffic to their sites, they’re often unaware of many preceding twists and turns, and don’t know they are receiving traffic via unwanted software and malware,” Thomas said.
Based on the findings in the report, Google has removed 192 deceptive Chrome extensions that impacted some 14 million users. Google has also updated Chrome so users get an alert and a red warning when they are about to download malicious software, Thomas said.
Google has also been reaching out to advertisers to inform them of what is going on, he said.