Ad injection at scale: Assessing deceptive advertisement modifications

Kurt Thomas; Elie Bursztein; Chris Grier; Grant Ho; Nav Jagpal; Alexandros Kapravelos; Damon McCoy; Antonio Nappa; Vern Paxson; Paul Pearce; Niels Provos; Moheeb Abu Rajab

doi:10.1109/SP.2015.17

Ad injection at scale: Assessing deceptive advertisement modifications

Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

Original language	English (US)
Title of host publication	Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	151-167
Number of pages	17
ISBN (Electronic)	9781467369497
DOIs	https://doi.org/10.1109/SP.2015.17
State	Published - Jul 17 2015
Event	36th IEEE Symposium on Security and Privacy, SP 2015 - San Jose, United States Duration: May 18 2015 → May 20 2015

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2015-July
ISSN (Print)	1081-6011

Other

Other	36th IEEE Symposium on Security and Privacy, SP 2015
Country/Territory	United States
City	San Jose
Period	5/18/15 → 5/20/15

Keywords

ad fraud
ad injection
web injection

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Access to Document

10.1109/SP.2015.17

Cite this

Thomas, K., Bursztein, E., Grier, C., Ho, G., Jagpal, N., Kapravelos, A., McCoy, D., Nappa, A., Paxson, V., Pearce, P., Provos, N., & Rajab, M. A. (2015). Ad injection at scale: Assessing deceptive advertisement modifications. In Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015 (pp. 151-167). Article 7163024 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2015-July). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2015.17

Ad injection at scale: Assessing deceptive advertisement modifications. / Thomas, Kurt; Bursztein, Elie; Grier, Chris et al.
Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 151-167 7163024 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2015-July).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Thomas, K, Bursztein, E, Grier, C, Ho, G, Jagpal, N, Kapravelos, A, McCoy, D, Nappa, A, Paxson, V, Pearce, P, Provos, N & Rajab, MA 2015, Ad injection at scale: Assessing deceptive advertisement modifications. in Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015., 7163024, Proceedings - IEEE Symposium on Security and Privacy, vol. 2015-July, Institute of Electrical and Electronics Engineers Inc., pp. 151-167, 36th IEEE Symposium on Security and Privacy, SP 2015, San Jose, United States, 5/18/15. https://doi.org/10.1109/SP.2015.17

Thomas K, Bursztein E, Grier C, Ho G, Jagpal N, Kapravelos A et al. Ad injection at scale: Assessing deceptive advertisement modifications. In Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 151-167. 7163024. (Proceedings - IEEE Symposium on Security and Privacy). doi: 10.1109/SP.2015.17

@inproceedings{060485f6f52e47768dbb01b9795d6f6b,

title = "Ad injection at scale: Assessing deceptive advertisement modifications",

abstract = "Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.",

keywords = "ad fraud, ad injection, web injection",

author = "Kurt Thomas and Elie Bursztein and Chris Grier and Grant Ho and Nav Jagpal and Alexandros Kapravelos and Damon McCoy and Antonio Nappa and Vern Paxson and Paul Pearce and Niels Provos and Rajab, {Moheeb Abu}",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 36th IEEE Symposium on Security and Privacy, SP 2015 ; Conference date: 18-05-2015 Through 20-05-2015",

year = "2015",

month = jul,

day = "17",

doi = "10.1109/SP.2015.17",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "151--167",

booktitle = "Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015",

}

TY - GEN

T1 - Ad injection at scale

T2 - 36th IEEE Symposium on Security and Privacy, SP 2015

AU - Thomas, Kurt

AU - Bursztein, Elie

AU - Grier, Chris

AU - Ho, Grant

AU - Jagpal, Nav

AU - Kapravelos, Alexandros

AU - McCoy, Damon

AU - Nappa, Antonio

AU - Paxson, Vern

AU - Pearce, Paul

AU - Provos, Niels

AU - Rajab, Moheeb Abu

PY - 2015/7/17

Y1 - 2015/7/17

N2 - Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

AB - Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them. We develop a multi-staged pipeline that identifies ad injection in the wild and captures its distribution and revenue chains. We find that ad injection has entrenched itself as a cross-browser monetization platform impacting more than 5% of unique daily IP addresses accessing Google - tens of millions of users around the globe. Injected ads arrive on a client's machine through multiple vectors: our measurements identify 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious. A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.

KW - ad fraud

KW - ad injection

KW - web injection

UR - http://www.scopus.com/inward/record.url?scp=84941004923&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84941004923&partnerID=8YFLogxK

U2 - 10.1109/SP.2015.17

DO - 10.1109/SP.2015.17

M3 - Conference contribution

AN - SCOPUS:84941004923

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 151

EP - 167

BT - Proceedings - 2015 IEEE Symposium on Security and Privacy, SP 2015

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 18 May 2015 through 20 May 2015

ER -

Ad injection at scale: Assessing deceptive advertisement modifications

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this