View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Google claims millions of users exposed to adware

Search engine calls for collaboration to reduce malware epidemic.

By

Millions of web users were found to have been exposed to ad injections after they downloaded malicious browser extensions or other bits of software, according to data compiled by Google.

A piece of code inserted into the search engine websites showed that 5.5% of the unique IP addresses accessing Google sites were seeing pages with adverts illegitimately injected into the page.

Analysing the results, the search engine found more than 50,000 browser extensions and more than 34,000 pieces of software that injected adverts into webpages, often as part of affiliate schemes.

Kurt Thomas, spam and abuse research at Google, wrote on the firm’s blog: "Ad injectors are programs that insert new ads, or replace existing ones, into the pages you visit while browsing the web.

"We’ve received more than 100,000 user complaints about them in Chrome since the beginning of 2015 – more than any other issue. Unwanted ad injectors are not only annoying, they can pose serious security risks to users as well."

Hackers are said to use a number of tactics to spread the ad injector software, including conventional marketing, bundling the malware with popular downloads, and social advertising.

Once installed the programs allegedly rely on so-called "injection libraries" including Superfish, a piece of adware that earlier this year was found to have been bundled with Lenovo computers.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

"These [adware] companies manage advertising relationships with a handful of ad networks and shopping programs and decide which ads to display to users," Thomas said.

"Whenever a user clicks on an ad or purchases a product, these companies make a profit, a fraction of which they share with affiliates."

He added that Sears, Target and eBay were among the victims because they were unwittingly paying for traffic to their sites that had been generated by unwanted software.

Following its research Google has taken more aggressive steps to police its Play Store for apps, as well as contacting advertisers affected.

It has also tweaked its AdWords policy to make it more difficult for advertisers to promote unwanted software.

"Considering the tangle of different businesses involved – knowingly, or unknowingly – in the ad injector ecosystem, progress will only be made if we raise our standards, together," Thomas said.

"We strongly encourage all members of the ads ecosystem to review their policies and practices so we can make real improvement on this issue."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU