Industry News

Rogue Ads Impacted Tens of Millions Users, Google Study Reveals

In 2014, 5.5% of visitors to a Google site were served malicious ads, according to a Google study. In an in-depth analysis of the web injection ecosystem, Google identified tens of millions of ad injections “in the wild” in only a few months.

The company partnered with the University of California, Berkeley and Santa Barbara to shed light on the “tangled web” of the lucrative online advertising business. “Our results reveal that ad injection has entrenched itself as a cross-browser monetization platform that impacts tens of millions of users around the globe,” Google said.

Why are ads a security hazard?

Ad injectors are programs that insert ads, or replace existing ones, into the pages users visit while browsing the web.

Injectors are more than an annoyance; they threaten users’ security by breaking browser encryption to place ads that serve malware, steal account credentials and hijack search queries and report users’ activity to third parties for tracking.

Rogue Ads Impacted Tens of Millions Users, Google Study Reveals

Source: Google

Between June and September of 2014, the researchers found 50,870 Chrome extensions and more than 34,000 software applications acting as unwanted ad injectors. Around 38 per cent were described as malicious – in addition to injecting unwanted ads, they also spammed Facebook (24 per cent) and hijacked search queries (11 per cent) to leak users’ activities to third parties.

The most popular program injecting adware is superfish.com, which appeared in 3.9 per cent of Google views. It’s closely followed by jollywallet.com (2.4 per cent), which overwrites affiliate parameters for URLs on shopping sites.

Mac users aren’t safe either. Google found injections in 3.4 per cent and 5.1 per cent of pages served to Mac and Windows users, respectively.

How to avoid malicious ads?

If your Mac has ad-injection software installed, you may be bombarded with pop-up windows, ads and graphics while surfing the web. Your browser’s ad blocker might prove inefficient. Ad-injection software can change your home page and preferred search engine. To get rid of adware, you can either update your Mac OS version to OS X Yosemite v10.10.3 or later or remove it manually.

To get rid of adware fast and free, you can opt for a tool like Bitdefender Adware Removal Tool for PC. It works on any PC with Windows (XP or later Windows release) with Internet Explorer (6 or later version).

The study also shows that almost 3,000 high-profile advertisers, including Target, Sears and Ebay, unwittingly pay for traffic from injectors, as ad injectors are usually organized as affiliate programs.

In reaction to its research, Google announced a software crackdown and removed almost 200 “deceptive” extensions from the web store for its Chrome browser. It has also started to use Chrome’s safe browsing features to display warnings to users who are (likely unknowingly) about to download ad injection software.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.