Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Googletens of millions of users around the globe. Injected ads arrive on a clients machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.
Ad injection at scale: assessing deceptive advertisement modifications
Available Media
Conference
Security and Privacy 2015
Authors
Kurt Thomas , Elie Bursztein , Chris Grier , Grant Ho , Nav Jagpal , Alexandros Kapravelos , Damon McCoy , Antonio Nappa , Vern Paxson , Paul Pearce , Niels Provos , Moheeb Abu Rajab
Award Distinguished Practical Paper Award
Citation
Selected Press articles
Forbes | Robert Hof | May 2015
Busted! Google Names Key Culprits In Scammy Ad SoftwareThe Guardian | Alex Hern | May 2015
One in 20 web users infected with ad injection softwareThe Wall Street Journal | Jack Marshall | May 2015
Ad Injection: Yet Another Challenge for Online Advertising