Google Ad Injectors Affect 1 In 20 Visitors - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
News
4/2/2015
09:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
100%
0%

Google Ad Injectors Affect 1 In 20 Visitors

If you're seeing extra or unusual ads, you may have an unwanted ad injector.

Microsoft 'Project Spartan': Hands-On Demo
Microsoft 'Project Spartan': Hands-On Demo
(Click image for larger view and slideshow.)

About 5% of Google visitors have at least one ad injector installed, according to the company.

Ad injectors are programs that insert extra ads, or replace existing ads, on Web pages. They may be acquired through malware, deception, inadequate disclosure, or deliberate disregard for online risks. Lenovo in February disavowed the Superfish ad injector that was on notebooks it shipped during the final three months of 2014, after it came to understand the security implications of the software.

Google plans to publish research next month about the extent of ad injectors, and has shared some of its findings in a blog post. Among the 5% of people visiting Google sites who have ad injectors on their systems, half of those have at least two ad injectors installed, and almost one third have at least four installed.

In the blog post, Google software engineer Nav Jagpa referred to ad injectors as "unwanted software," a term that stops short of the designation "malware" and avoids "adware" and "malvertising." However, he noted that 34% of the Chrome extensions injecting ads were classified as malware.

Google's research is based on data from 100 million page views of Google sites around the globe through Chrome, Firefox, and Internet Explorer on Mac and Windows systems. The company found ad injectors affecting the three browsers and two operating systems tested. Ad injectors can be installed through browser extensions or add-ons, or through other software.

"People don't like ad injectors for several reasons: Not only are they intrusive, but people are often tricked into installing ad injectors in the first place, via deceptive advertising, or software 'bundles,'" explained Jagpal in his blog.

(Image: Google with injected ads)

(Image: Google with injected ads)

Jagpal pointed out that ad injectors present problems for advertisers and publishers, too, by preventing them from knowing where their ads are running and by running ads that offer no compensation and that may harm website visitors.

Google doesn't ban ad injectors outright from its Chrome Web Store. It allows people to install those that clearly document what they do, perhaps because denying users the tools to alter code in their browsers could ban desirable user-instigated page modifications. But the company does require that those making Chrome extensions adhere to policies that prohibit deceptive or malicious behavior.

Google also requires AdWords advertisers to adhere to its Unwanted Software Policy. And it prohibits Google Platform users and DoubleClick Ad Exchange sellers from overlaying ad space on a website without the site owner's permission.

After analyzing data from 800,000 users at 70 companies from January 1 through November 30, 2014, Cisco Security Research found that the number of individuals with malicious browser add-ons ranged from 711 to 1,751 during any given month. Cisco suggested such malware is optimized for survivability and long-term financial gain, rather than rapid, mass distribution, which tends to attract security countermeasures.

According to a research paper published last year, "The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements," most ad networks "send only a small degree of malicious advertisements." However, on one ad network, 3% of the ads were malicious. Not all malicious ads result in infections -- the paper cites 9% as suggested rate of infection after exposure to malicious ads.

Last May, a US Senate report on the online advertising industry found that the complexity of the online advertising ecosystem prevents consumers from avoiding malicious advertising and impedes industry accountability.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Commentary
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll