Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Google Researchers Find PPI Affects 3X More Users Than Malware

    By
    Michelle Maisto
    -
    August 9, 2016
    Share
    Facebook
    Twitter
    Linkedin
      pay per install

      Pay-per-install (PPI) software may be the new bane of the security world.

      Seventeen Google engineers, along with Damon McCoy, an assistant professor at the New York University Tandon School of Engineering and member of the International Computer Science Institute, studied the issue and have published an 18-page paper that they’ll present at the USENIX Security Symposium Aug. 11.

      The PPI problem works like this: You want a piece a software and download it from Company X; but unknown to you, a number of other actors have paid Company X to let them hop in the trunk and sneak a ride inside on their download.

      The paper’s authors tracked four of the largest commercial PPI networks, classified the software families they bundled together, looked at the distribution techniques they use and measured the impact on end users.

      “While anti-virus and browsers have rolled out defenses to protect users from unwanted software, we find evidence that PPI networks actively interfere with or evade detection,” they wrote in their abstract, estimating that PPI networks drive more than 60 million download attempts each week.

      Put another way, PPI hurts three times as many users as malware does.

      The unwanted software includes, they wrote, “ad injectors that laden a victim’s browser with advertisements, browser settings hijackers that sell search traffic, and user trackers that silently monitor a victim’s browsing behavior.”

      Earlier studies estimate that these extensions affect more than 50 million users.

      Rather than blackmarket PPI, the report authors believe commercial PPI companies may be to blame, incentivized by the additional revenue. One of the largest PPI outfits, said the paper, reported $460 million in revenue in 2014.

      The World of PPI

      In this world, there are so-called advertisers, which own software that they pay third parties to distribute, and publishers, which create or distribute the software applications. When an install is successful, the publisher receives a fraction of the bid the advertiser paid to be included.

      There are also PPI affiliate networks, which are the bridges between the advertisers and the publishers, handling payments but also determining—once inside a system—what exactly to install.

      “This entails fingerprinting an end user’s system to determine any risk associated with anti-virus as well as to support geo-targeted installations,” the report explains. “Similarly, the PPI network dictates the level of user consent when it installs an advertiser’s binary, where consent forms a spectrum between silent installs to opt-out dialogues. In some cases, Advertisers can customize the installation dialogue and thus play a role in user consent.”

      There are also resellers: PPI affiliate networks that aggregate publishers’ install traffic and resell it to larger affiliate networks. These help to simplify a process where the victim isn’t “primed to download a bundle,” the paper explains, by providing things like banner ads and “butter bars”—for example, a “Your Flash player is out of date” button.

      While the researchers’ investigation was extensive, they did face limitations. For example, because they work exclusively with U.S. IP addresses, it biased their perspective on non-U.S. traffic and offers. Also, because they weren’t participating directly, they weren’t privy to exact per-install pricing details, though they found the range to run from $0.02 to $1.50, with U.S. installs fetching the highest rates.

      Between June 1, 2014, and Jan. 7, 2016, Safe Browsing warnings occurred an average of 35 million times a week and displayed 28 million interstitial web pages (ads that are displayed before the desired content page).

      The five countries receiving the most Safe Browsing warnings were India (8.2 percent), Brazil (7.2), Vietnam (6.4) the United States (6.2) and Turkey (5.1).

      The largest offender by far, as detected by the Chrome Cleanup Tool on Windows, was the browser settings hijacker Conduit, which accounted for 20.9 percent of unwanted software installs. It was followed by Elex (13.4 percent) and ad injector Multiplug (5.1 percent).

      “As anti-virus and browsers move to integrate signatures of unwanted software into their malware removal tools and warning systems, we showed evidence that commercial PPI networks actively attempted to evade user protections in order to sustain their business model,” the authors wrote in conclusion. “These practices demonstrate that 14 PPI affiliate networks operated with impunity towards the interests of users, relying on a user consent dialogue to justify their actions—though their behaviors may have changed since the conclusion of our study. We hope that by documenting these behaviors the security community will recognize unwanted software as a major threat.”

      In an Aug. 4 post on the Google Security Blog, Research Scientist Kurt Thomas and Software Engineer Juan A. Elices Crespo noted that on June 14, Google hosted a Clean Software Summit that brought together members of the antivirus industry, bundling platforms and the Clean Software Alliance, a group consisting of members of the antivirus industry, software platforms and parties that profit from PPI.

      Together, they “laid the groundwork for an industry-wide initiative” to provide users with clear, safe choices when installing software.

      They added, “We continue to advocate on behalf of users to ensure they remain safe while downloading software online.”

      The USENIX conference will begin Aug. 10 in Austin, Texas.

      Michelle Maisto
      Michelle Maisto has been covering the enterprise mobility space for a decade, beginning with Knowledge Management, Field Force Automation and eCRM, and most recently as the editor-in-chief of Mobile Enterprise magazine. She earned an MFA in nonfiction writing from Columbia University, and in her spare time obsesses about food. Her first book, The Gastronomy of Marriage, if forthcoming from Random House in September 2009.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×