Google’s recent study shows the effect of the Ad Injection in our digital media. We already know and hate the ad frauds, ad blockers, and ads that aren’t viewable. Now this dreadful list is extended with one new component for scammers to earn revenue from the internet users – Ad Injection. In basic terms, it is a symptom of unwanted software or programsin your visited pages.
Google was concerned about its effect, so they performed a study with the University of California, Berkeley, and Santa Barbara to find out the major Ads injector sites. The study also includes two important questions: how many users were being affected by this and how to stop this.
Google started this study in 2014, and in this one year study they developed a multistage pipeline which works as a detector for these type of ads. The study shows tens of millions of instances of ad injection over this one year course which was the 5.5% of unique daily IP addresses accessing Google.
The study also shows that Windows is more affected by this as compare to Mac because of the data which showed 3.4% and 5.1% of pages served to Mac and Windows users. Of the Alexa Top 100, they observed in property injections into 75% of pages of these sites. The major part of which was on Google.com, Yahoo.com, Amazon.com, eBay.com, Alibaba.com, Craigslist.org, YouTube.com, Walmart.com and XVideos.com.
How Ad injectors work?
First it all starts with a malicious software installation. This study shows that the ads came from different elements of browser which include 50,870 Chrome extensions and 34,407 Windows binaries or software applications, 38% and 17% of which are explicitly malicious. Ad injector attacks on Windows by changing HKCU/software/Microsoft/windows/currentversion/internet/proxyserver at proxy installation or by Silently install an extension by modifying the user’s browser profile stored in Google/chrome/userdata/default/preferences.
After the software or extension installation, next step will be the distribution using affiliated programs by these injector sites. The affiliated program includes marketing, bundling applications with popular downloads, outright malware distribution, and large social advertising campaigns. The distribution is done by browser extensions or plugins like ShopperPro, Yontoo, and PlusHD and many more including Crossrider and Netcrawl like sites, that use at least one of these tactics.
Now these affiliated sites or extension use some injection library site which provide them ads to replace the existing ones. The most popular ad injector site with injection library is superfish.com, it injects ads into more than 16,000 websites and grossed over $35 million in 2013 according to financial reports. Jollywallet.com and Visadd.com like sites are also major contributors to these ads.
These reports showed that the network and reach of these unwanted Ads are now pretty wide. Google is trying hard to stop these malware activities by removing Chrome extension and flagging Chrome users at the malware software installation. Also, by informing the advertisers to stop their services for these type of activities. In this direction Google removed 192 chrome extensions which was showing this malicious behavior.
You can also read the full report Here.