Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Googletens of millions of users around the globe. Injected ads arrive on a clients machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.
Ad injection at scale: assessing deceptive advertisement modifications
- Download Publication • Bibtex
- Conference Security and Privacy 2015
- Authors Kurt Thomas , Elie Bursztein , Chris Grier , Grant Ho , Nav Jagpal , Alexandros Kapravelos , Damon McCoy , Antonio Nappa , Vern Paxson , Paul Pearce , Niels Provos , Moheeb Abu Rajab
- Award Distinguished Practical Paper Award
Selected press articles
Busted! Google Names Key Culprits In Scammy Ad Software
Forbes - Robert Hof - May 2015
Downloads
PDFOne in 20 web users infected with ad injection software
The Guardian - Alex Hern - May 2015
Downloads
PDFAd Injection: Yet Another Challenge for Online Advertising
The Wall Street Journal - Jack Marshall - May 2015
Downloads
PDF