
Google Investigates Security-threatening Ad Injectors

Posted by Philip Tang on Fri, May 15, 2015

Online advertisements are annoying enough as they are in their natural state. Gaudy pop-ups, incessant flashing and obnoxiously loud auto-playing videos are only the tip of the iceberg. 

The situation goes from bad to worse with ad injectors, which turn web browsing into a torturous experience. Not only do these programs spawn new ads in places they normally wouldn't even exist, they also present potential internet security risks. 

Google's Online Security Blog offers a specific example of a security threat: your browser typically establishes a secure connection with Gmail. Ad injectors, however, tamper with the browser's security trust store. The injector inserts itself as a 'middle man' of sorts and can gain access to your personal data and expose your computer to additional harm.

Ad injector proliferation is a growing threat, according to a joint study conducted by Google with the University of California, Berkeley and Santa Barbara. Google says they've received over 100,000 Chrome user complaints about ad injectors since the start of 2015, which far exceeds the complaint count for any other issue.

UC Berkeley is one of the schools that partnered with Google to research ad injectors

Investigating the ecosystem of ad injections was one of the study's goals.  To this end, the joint research team built an ad injection "detector" for Google sites and monitored several months of activity in 2014.

The results spoke for themselves: 5.5% of unique IPs that accessed Google sites, equating to millions of people, were infected by some form of ad injection.

Over 50,000 browser extensions and more than 34,000 software applications were found that took control of browsers to inject ads. About 30% of this software was deemed malicious, meaning it sought to steal personal data and report user activity to third parties for tracking.

More than 1,000 businesses were found to use tactics like marketing, malware distribution and social advertising campaigns to spread ad injector software.  

In light of ad injectors' alarming rise to prominence, Google has taken measures to mitigate harm. They've outright removed 192 deceptive Chrome extensions from the Chrome Web Store. That sounds like a small number in a relative context, but these 192 alone were responsible for infecting 14 million users.

Google has also improved base Chrome protection, making it flag unwanted software with greater frequency. Lastly, they've reached out to ad injection-afflicted advertisers to alert them to the deceptive practices of ad injectors.

While Google has become a frontrunner in a virtual war against ad injectors, only Chrome has been granted extended protections. What about other popular browsers? Hopefully, they'll follow in the path pioneered by Google and begin laying down anti-ad-injection measures themselves.


 

Sources: http://googleonlinesecurity.blogspot.com/2015/05/new-research-ad-injection-economy.html

http://googleonlinesecurity.blogspot.com/2015/04/beyond-annoyance-security-risks-of.html

http://research.google.com/pubs/pub43346.html

"UCBerkeleyCampus" by brainchildvn on Flickr - Flickr. Licensed under CC BY 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:UCBerkeleyCampus.jpg#/media/File:UCBerkeleyCampus.jpg

 
