TY - GEN
T1 - Ad injection at scale
T2 - 36th IEEE Symposium on Security and Privacy, SP 2015
AU - Thomas, Kurt
AU - Bursztein, Elie
AU - Grier, Chris
AU - Ho, Grant
AU - Jagpal, Nav
AU - Kapravelos, Alexandros
AU - McCoy, Damon
AU - Nappa, Antonio
AU - Paxson, Vern
AU - Pearce, Paul
AU - Provos, Niels
AU - Rajab, Moheeb Abu
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/7/17
Y1 - 2015/7/17
N2 - Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.
KW - ad fraud
KW - ad injection
KW - web injection
UR - http://www.scopus.com/inward/record.url?scp=84941004923&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84941004923&partnerID=8YFLogxK
U2 - 10.1109/SP.2015.17
DO - 10.1109/SP.2015.17
M3 - Conference contribution
AN - SCOPUS:84941004923
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 151
EP - 167
BT - Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 May 2015 through 20 May 2015
ER -